Friday, September 21, 2007

Yahoo's New Social Net Lets Users Tweak Each Other's Profiles

Taking aim at a younger and more fun-loving audience, Yahoo is testing a social networking site known as "Mash" that allows users to mess around with each other's profile pages. While it already has a social networking offering, Yahoo is reportedly trying to inject more fun into the equation. Mash also will offer more traditional social networking features such as photo and game modules.

Yahoo (Nasdaq: YHOO) is beta testing a new social networking site that, among other things, allows users to annoy their friends.

One of the unusual features of the new service -- currently called "Mash" and available by invitation only -- is the way it lets members fool around with other members' profile pages. In fact, according to a Yahoo blog about the site, people can take it upon themselves to create "starter profiles" for friends without them even knowing it.

While these types of shenanigans would certainly cause problems in the real world -- imagine somebody painting your house chartreuse without your approval -- Mash gives users the ability to accept or reject any profile changes made by their friends. It also allows them to bar anybody from messing around with a profile whatsoever.

A New Approach
Mash will be "a new approach to online profiles," said Will Aldrich, the head of the site development team. While he assured prospective Mashers that they'll find the site easy to understand if they've been involved with other online profile services, Aldrich said Yahoo's latest foray into the field includes "some new twists that make things a little interesting and, we think, a lot of fun."

Yahoo will be offering a "growing gallery" of modules, such as photos and games, which can be used by those owning a profile, or their friends, to customize the sites, he said.

Aldrich's blog is the only official acknowledgment by Yahoo that Mash exists. He is careful to warn those who get invited that the site is far from ready for prime time.

"One last note before you jump in: Mash is still pretty raw -- there are bugs and we haven't gotten to several of the features it really should have," wrote Aldrich.

He asked those who are experimenting with Mash to leave suggestions and comments on the blog site, in his Mash profile or on the Mash suggestion board. "We're listening," assured Aldrich.

More Fun than 360
Most of the comments posted in reaction to Aldrich's blog entry were requests for invitations. A number voiced concern that Yahoo would be abandoning its current social networking service, Yahoo 360. While Yahoo 360 is still up and running, Yahoo reportedly is unhappy about its level of success, and some observers suggest the service, while useful, just wasn't much fun.

Yahoo seems to be banking heavily on the fun aspect with Mash and it hopes the surprise factor of friends having access to each other's profiles -- Wikipedia fashion -- will be the spark. The New York Times (NYSE: NYT) labeled Mash "The Social Network for Graffiti Lovers."

Invitations to the network are likely to come from existing members who already created a Mash profile of the person they've invited, Aldrich explained.

"When a friend invites you, he or she can also add or edit different parts of your profile even before you get to view it," wrote Aldrich. "So even though you have never made or seen this profile, it is in fact yours. Until you decide to keep it, the profile created for you will not be visible to the Mash network, nor will you appear in the contacts of your friends."

Eyes of the Beholder
As anybody who's ever had their shrubbery covered with toilet paper on the night before Halloween can attest, good-natured teasing can often be perceived as annoying vandalism or worse. Gartner (NYSE: IT) Research Director Elroy Jopling is one person who wonders if the Mash idea will backfire for that reason.

"It's the old expression, 'It's not what you write, it's what people read. It's not what you say, it's what people hear,'" Jopling told TechNewsWorld. "Interestingly, when you get into that kind of social interacting, you may have your own interpretation of what you say, write or portray, but the person who sees it can have a totally different interpretation."

While the Mash idea is somewhat "dangerous" and leaves "a lot of room for abuse," Jopling said he believes it could succeed.

"It's so easy to come in on something like that, depending on what your age is," said the analyst. "More than likely, I'm older than the people who'd be doing that. My perspective is ... it would be kind of intrusive. But to the generation who may be doing it, it could be a different situation altogether."

The Young and the Goofy
Yahoo is in dire need of a social network, said IDC analyst Karsten Weide. The fact that Mash might be attractive to silly young people is a good thing, he said.

"I could see how that could be attractive to the prime target audience," Weide told TechNewsWorld. "We believe the trick to get a successful social network up is to really target youngsters. Then, later, you open the service to older demographics. We believe Yahoo direly needs a big social network. Yahoo 360 does have a lot of users but not a whole lot of traffic, and the same goes for Windows Live Spaces."

Weide said IDC believes social networks "will be the key component of any Web-based service in the future because users increasingly expect any Web-based service to have social networking functionality."

Cyber-Crooks Ape Business Best Practices

Cyber-crime is a flourishing big business, and although the individuals driving its success may be keeping to the shadows, their handiwork is not. The latest malware tools causing headaches for legitimate businesses and users alike are the products of increasingly professional developers who offer such perks as regular updates and service agreements.

A software tool is released with a performance guarantee and the promise of periodic updates. Another commercial application for the market? Not quite. Rather, this is emblematic of how malware writers are doing business these days.

"We definitely see much of the illegal online activity becoming more professional and adopting behavior and practices you would see in a legitimate company," said Javier Santoyo, senior manager of emerging technologies for Symantec Security Response.

This insight into online criminal behavior is revealed in Symantec's (Nasdaq: SYMC) newly released Internet Security Threat Report. One of its main findings is that cyber-criminals are adopting commercial practices in the development, distribution and use of malicious code and services.


Quality Assurance and Service Agreements
"There is quality assurance testing on these tools, for example," Santoyo told TechNewsWorld. "Many are even providing services . . . like updating the application or tool every time a new exploit is discovered."

Such updates are the reverse of what consumers receive from their antivirus protection vendors -- that is, instead of updating the software to protect against an exploit, the malware writers update the application to exploit the vulnerability.

One example is MPack, a professionally developed toolkit that installs malicious code on thousands of computers around the world and then monitors the success of the attack through various metrics on its online password-protected control and management console, Symantec said.

Phishing toolkits have also become commercialized, with the top three most widely used phishing toolkits responsible for 42 percent of all phishing attacks detected during the reporting period, which ran from January to June 2007.

Attackers are also learning to adapt to the protective measures put in place by companies and consumers. Instead of trying to break through anti-malware defenses, Symantec found, they have been seeding malware on trusted sites that are widely visited, such as popular financial, social networking and career recruitment Web sites. Symantec said that 61 percent of all vulnerabilities disclosed were in Web applications.

Meeting a Need
These virus writers see themselves as providing a necessary service, Santoyo said. "They know that their tools will be used for illegal activities, but they see the end users -- the people who actually use their products -- as the real criminals."

Some of this insight was gathered through a series of interviews Symantec conducted with one of the hackers behind MPack. It is an occasional tactic the company uses to complement its own research on current malware trends, said Santoyo.

"They never give information that could reveal their identities or could help us thwart their activities," he noted. "Still, though, the interviews are invaluable in helping us keep a handle on what is happening."

Why Application Security Is Often Overlooked

Most IT and security professionals recognize the importance of the applications we support. We also realize that applications -- no matter whether they're Web based, client/server, or mainframe -- can have security flaws. However, when the rubber hits the road, many firms fall down when it comes to building and executing a strategy for application security.

It sounds tremendously obvious to say it this way, but applications are everywhere. Think about it -- your office suite, your e-mail reader, even the software you're using right now to read this -- these are just a fraction of the thousands (if not hundreds of thousands) of applications you use daily both personally and professionally.

For those of us in IT, we recognize that applications are critical to our business. If the right employees can't get access to the right applications at the right time, business stops. When you really boil it down, most of what we do in IT is about making sure that the applications in our firm stay up and available.

Given the complete reliance that our firms have on the applications that we use, we would assume that the discipline of application security -- i.e., validating those applications to be free from security-related flaws -- would be somewhere very near the top of the priority list for IT managers and security pros.

Unfortunately, that's too often not the case. There are some very real business dynamics that sometimes push application security down an IT manager's priority list. However, spending some time understanding why this happens (and what we can do about it) can be a very useful way to get a leg up.


What Is Application Security?
Strictly speaking, application security -- as a discipline -- is any methodology designed to ensure that the applications in scope (for example, within a particular firm) adhere to and enforce the security requirements and policy of the environment in which they live.

This can mean a number of things. It can mean, for example, implementing strategies designed to minimize security flaws such as exploitable bugs. It can also mean taking on strategies designed to meet particular goals -- facilitating encryption of data when it is stored, for instance, or ensuring that data sent between components of the application is authenticated and free from tampering.

In other words, application security is concerned both with preventing unwanted events (like flaws in the code that an attacker can exploit) and with ensuring desired events (like making sure confidential data is encrypted). This is true both for applications we build in-house and for applications we buy off the shelf.

To satisfy application security goals, there are a number of approaches that we can use. Automated and manual approaches, such as application vulnerability scanners or manual penetration testing, attempt to scan the application and identify issues so that they can be fixed; source code analysis, done either with automated tools or by developers trained to find common logic/programming errors, attempts to parse the source code looking for mistakes.

In addition, educational programs target developers and implementers, making them aware of coding errors and security policy so that the applications they write are designed and written with security in mind.

So Why Not Applications?
Most IT and security professionals recognize the importance of the applications we support. We also realize that applications -- no matter whether they're Web based, client/server, or mainframe -- can have security flaws.

However, when the rubber hits the road, many firms fall down when it comes to building and executing a strategy for application security. There are a number of reasons for this, but the primary problem is the diversity of application types and the complexity of the underlying technologies used to build them.

There are all sorts of applications out there (Web apps, legacy mainframe apps, client/server) built using any number of programming languages (Java, C/C++, Visual Basic, Perl). In order to address security within those applications in a comprehensive way, we need to understand both the way that the application stores and transmits data, and also the underlying language and technology used to build the application.

In other words, evaluating a Web app written in Java (for example using servlets) is a completely different exercise than evaluating a CICS application written in COBOL. For applications built in-house, finding and employing individuals with sufficient expertise in all of the platforms in scope is a pretty tall order. For applications we buy off the shelf, we may not even know (or want to know) everything about the underlying technology in use.

However, there are other complexities as well.

In a large enterprise, the number of apps and the interaction points between them can make for tremendous complexity. Each application may interact with dozens of others, and in most cases there is a veritable spiderweb of shared data and application interfaces, and a hodge-podge of legacy components, in play. It's difficult just trying to catalog the applications, let alone evaluate, prioritize and remedy potential security problems.

Smaller firms have different challenges. While there are likely to be fewer applications to worry about in a smaller firm, there is also correspondingly less money and fewer IT staff members. Within that context, hiring a specialized technologist with specific experience in application security may not be an option given budget and headcount.

What Can We Do?
No short article like this one can give you a full plan of action for how to approach application security in your firm. Putting together a complete strategy requires tremendous effort, thought, discussion and resources.

However, IT managers who understand why application security is sometimes overlooked (and what the challenges are) can employ some low-cost "biggest bang for the buck" strategies to get the ball rolling and give them a head start on moving security forward in the application space.

A Triage Unit
As IT managers, we know that we have limited time and resources -- and we need to choose carefully where to deploy resources. In order to do this, we need to be able to prioritize among the applications that exist in the environment.

Unfortunately, there may not be a central catalog or inventory of applications. There may be "stealth" applications "lost in the shuffle," and organizational changes (e.g., mergers) may make some applications hard to pin down.

The first step, then, is finding out where the applications are, what they do, who owns them, and what their relative priority is. However, creating an inventory is expensive; therefore, look to "piggy-back" on work already being done to get the inventory.

Initiatives like Business Impact Assessment (done as part of Business Continuity Planning) or compliance-related planning (e.g. SOX/PCI audits) usually require getting a picture of the application landscape. Why not use that as a chance to get an inventory for application security as well?

Evangelize and Leverage
Use the resources and expertise within the firm and apply them to your agenda. For firms with a lot of in-house development, look to the development community to help you forward your application security goals. Train them in security policy so that they understand what goals are important to you and train them about common security flaws in application code.

By "deputizing" the development community, treating them as partners and giving them a role, you get both their attention (so they are less likely to introduce a security flaw in the first place) and the benefit of their expertise (so they are more likely to find, report and fix security issues in the software they maintain).

For firms that have more commercial software and less in-house development, look to the integrators and support teams to help you identify potential issues. After all, nobody knows the applications better than the folks who work with them on a day-to-day basis. Explain to them what types of application security issues you're looking for. Perhaps they already know about a bunch of application security issues and can help you right off the bat; worst case scenario is they can keep their eyes open as they perform their daily jobs and alert you to issues that might crop up.

Google Ratchets Up Fight for Desktop With PowerPoint Rival

Google is amping up its pressure on Microsoft with Presentations, the latest addition to its suite of free, Web-based productivity applications. The tool, which provides functionality similar to that of PowerPoint, allows collaborators to work together on developing a slide show.


Google (Nasdaq: GOOG) has added the third leg to its online suite of office applications. The new addition, dubbed "Presentations," is analogous to Microsoft (Nasdaq: MSFT) PowerPoint. Now that Google has a full-fledged productivity suite, it has shortened its name from "Google Docs and Spreadsheet" to simply "Google Docs."

After logging in to access the suite, users will find presentation files listed alongside documents and spreadsheets in the Google Docs list. They can be edited, shared and published using the Google Docs interface.

As with the other Google applications, Presentations allows several collaborators to work on a slide deck simultaneously. When it's time to make a presentation, participants are connected through Google Talk to follow the slide show. The Presentations application is available in 25 languages.


Google incorporated the presentation creation and document conversion technology it obtained through one of its many recent acquisitions -- Tonic Systems, which is based in San Francisco and Melbourne, Australia. Presentations' main selling point is its online accessibility, which is Google's specialty.

"We've already freed those of you working in teams from the burdens of version control and e-mail attachment overload when going back and forth on word processing and spreadsheets," Sam Schillace, engineering director, wrote in a blog posting in April, when news of the forthcoming Presentations was first announced.

"It just made sense to add presentations to the mix," he added. "After all, when you create slides, you're almost always going to share them. Now students, writers, teachers, organizers, and, well, just about everyone who uses a computer can look forward to having real-time, Web-based collaboration across even more common business document formats."

PowerPoint Killer?
Of course, it took little time after Google made its initial announcement for the market to speculate on the impact Presentations will have on Microsoft Office. The simple story line has been that Google is seeking to establish parity with Microsoft on the desktop with the development of its own office suite of productivity applications.

To a certain extent, Microsoft is feeling competition -- and not just from Google.

"It is interesting that Google makes its announcement the same week that IBM is expected to roll out its Symphony application suite," Charles King, principal with Pund-IT Research, told TechNewsWorld. "There is a growing number of Web-based or open source alternatives to Microsoft Office."

Smaller companies, in particular, are likely to be intrigued by the offerings, he continued. "If a company is using Office currently and looking out at the eventual cost of migrating not only to Office 2007 but also to Vista, the option of moving to a free or Web-based application like Google Docs can be appealing."

Limits to Enterprise Adoption
However, Microsoft Office's mainstay -- the enterprise -- is unlikely to be swayed by Google Docs, according to King. "I have trouble imagining the largest companies shifting to Google Docs, at least as it stands right now."

Google Docs is likely to play more of a supporting, or complementary, role in the enterprise, predicts Greg Sterling, principal of Sterling Research.

"There are certain preferred uses for the Google software -- the idea of one-to-many collaboration among them," he told TechNewsWorld. "Also, its resolution is very good, considering it is an online application."

It's unlikely that Google Docs will become a replacement for Microsoft Office on the desktop, in Sterling's view. However, some of the developers of niche meeting applications may have cause for worry.

"You can use Google Docs to run a conference call for instance," he said.

Another potential class of users may consist of people who are less than thrilled with the glitch-prone presentation software currently on the market.

"Personally, I'm ecstatic to hear that Google is considering a presentation addition, and I would be among the first in line to try it out," Chuck Sanchez, director of public relations for Haute PR, told TechNewsWorld.

"Prior to -- and often during -- every big meeting, there are technical difficulties that turn what should be a simple plug-and-play into a convoluted delay," he explained. Common mishaps include delays while searching for the correct plugin, finding a misplaced flash drive or locating the correct cord to connect a laptop to a projector.

"Allowing large presentations to live online means that they can be as portable as every respectable room with Internet access -- let alone a conference room," he said. "No one will be able to forget the disk or CD with their presentation, and if Google does things correctly, there shouldn't be the extreme delay of waiting to transfer, or even open, a huge PowerPoint presentation."

Great Linux Sites for Developers

Today's Linux developers are much better armed with a variety of support opportunities, noted HP's Bdale Garbee. They have access to project revision boards that open a whole new level of support not available to individual proprietary software developers, he explained. Ultimately, there is no reason a Linux developer should feel isolated and without help.


What's a poor, lonely Linux developer to do? Where are all the good support sites? How am I going to fix that troublesome bug?

These are questions that even novice code writers no longer have to ask. The classic view of a lonely, isolated programmer writing code for some obscure open source project in a back room is no longer an accurate view of the work environment in which Linux developers toil.

Open source programs have become so mainstream that the boundaries are blurring between proprietary, commercial and public domain software. Many software companies offer both open source and commercial versions of business-class programs.

"Open source communities have built amazing response systems to developers' needs," Bdale Garbee, chief technologist for open source and Linux at HP (NYSE: HPQ), told LinuxInsider.

Many Sources
Support sites for Linux developers are extremely important, agreed William Hurley, chief architect of open source strategy for BMC Software. The only thing more important than support is documentation, he said, noting that documentation is often a weakness found in most open source projects.

"Most Linux developers use IRC (Internet relay chat) channels and mailing lists, both absolute musts if your company is trying to support Linux developers," Hurley told LinuxInsider.

Linux developers today do not suffer from a lack of support sites and collaborative outlets. In fact, code-writers have many alternatives to community-based Web sites.

For instance, there are LUGs (Linux User Groups), DevCamps, BarCamps, SuperHappyDevHouse, and countless local meet-ups where developers can mingle with like-minded individuals offline, in the real world, according to Hurley. These events also strengthen the local development community, which is integral to spreading the adoption and support of Linux and other open source projects, he said.

Better Support
Today's Linux developers are much better armed with a variety of support opportunities, noted Garbee. They have access to project revision boards that open a whole new level of support not available to individual proprietary software developers, he explained.

These additional support outlets include Web design forums and e-mail lists. Ultimately, there is no reason a Linux developer should feel isolated and without help.

"Very early in the process, Linux developers need access to wiki technology," Garbee said.

Proprietary Reversal
Linux developers do not face unique needs that isolate them from the information sources available to software developers for other platforms. Rather, suggests Hurley, it's the other way around. It's the proprietary developers who more often have unique needs.

"It's usually very easy to get an answer to an open source development question. Proprietary companies, on the other hand, charge for development programs and support. Also, proprietary developers are conditioned to think proprietary, i.e., they are more competitive and less willing to share knowledge or contribute freely. Open source developers have a mentality of cooperation. Communities share knowledge freely, even with competitors," Hurley said.

Support Directory
LinuxInsider asked industry experts to recommend some of the best support Web sites for Linux developers. Here is a list of the most popular suggestions:


Kernel.org
One of the ultimate Linux developer goals is to gain access to a Kernel.org account. However, this Holy Grail for open source code writers is not easily achieved. Kernel.org does not grant account status unless the developer is making a reasonable amount of contributions to the Linux kernel and has a good reason for wanting and needing access. Those who feel qualified can plead their case for an account via the Web site's link to ftpadmin.

Kernel.org deals primarily with the Linux kernel and its various distributions and larger repositories of packages. It does not mirror individual projects and software. Even if Kernel.org grants a newcomer account status, the administrative team generally does not provide help in solving programming issues because of a lack of resources.

A better starting point is becoming involved with the Kernel Newbies Web site. This is a community of people actively involved with improving and updating their kernels and those of aspiring Linux kernel developers. Here, newcomers may find experienced developers more willing to share their knowledge.

Also check out the Linux Documentation Project.

The Apache Software Foundation
Perhaps playing the role of Big Brother to individual Linux developers, The Apache Software Foundation provides support for the Apache community of open source software projects. Code writers involved in Apache projects are often keenly interested in collaborative exchanges and have a desire to create high-quality software that leads the way in its field.

The Apache.org community sees its role as extending beyond that of a traditional hoster of projects connected by a common server. It is a vibrant community of developers and users. However, newcomers need to approach the community with caution. Membership is reserved for those Linux developers who have demonstrated a commitment to collaborative open source software development through sustained participation and contributions within the Foundation's projects.


Sourceforge.net
One of the newest open source developer help spots is Sourceforge.net, which offers support for a broad base of software categories. Code writers can find communities for clustering, database, desktop, development, enterprise, financial, games and hardware. Sourceforge.net also has community support for multimedia, networking, security and storage.

This past July, Sourceforge.net launched a Community Section with tools to help developers talk to Sourceforge leadership and other developers.

There you will find forums for discussing topics not directly related to particular software projects, a blog with posts from the Sourceforge.net regulars, and a calendar of upcoming events.


The Linux Foundation
Another relatively new group for Linux movers and shakers is The Linux Foundation (LF). LF is a nonprofit consortium founded earlier this year by the merger of the Open Source Development Labs and the Free Standards Group. Its leadership is bent on fostering the growth of Linux and is supported by a growing list of leading Linux and open source companies and software developers from around the world.

Linux code writers will find a base here for neutral collaboration forums that focus on helping companies and individuals work together to solve the challenges facing the Linux platform. The Linux Foundation Advisory Councils provide forums for end users, members, vendors and community developers to discuss shared issues, collaborate on projects of common interest and decide how best to direct resources in support of the development community.


Mozilla.org
Here, Linux code writers can find all things related to Web site issues and the open source browser world. Mozilla.org can provide a wealth of community contacts for Linux developers working on projects that integrate with Mozilla projects such as the Firefox browser.

One handy information source is the Microsummaries. These are regularly updated succinct compilations of the most important information on Web pages. Site and third-party developers provide them.

The Mozilla Development Center provides information on new developer features in Firefox 2 for application developers, XUL developers and extension developers.

Bush Wants Spy Law Changes Set in Stone

President Bush is urging Congress to renew the Protect America Act, which is set to expire Feb. 1, 2008. "The threat from Al-Qaeda is not going to expire in 135 days," Bush warned during a visit to the National Security Agency. "Unless the FISA reforms in the act are made permanent, our national security professionals will lose critical tools they need to protect our country," he said.

President Bush wants to renew and expand the controversial temporary surveillance legislation he rushed into law last month.

The law, also known as the "Protect America Act," updates the Foreign Intelligence Surveillance Act (FISA) by permitting warrantless surveillance of any targets located abroad, even if they are communicating with someone in the United States. Because of a sunset clause, the law is due to expire Feb. 1, 2008.

"The threat from Al-Qaeda is not going to expire in 135 days," Bush warned during a Wednesday visit to the National Security Agency (NSA) in Fort Meade, Md.

"Unless the FISA reforms in the act are made permanent, our national security professionals will lose critical tools they need to protect our country," he said. "Without these tools, it'll be harder to figure out what our enemies are doing to train, recruit and infiltrate operatives in our country. Without these tools our country will be much more vulnerable to attack."


'Liability Protection'
In addition to urging Congress to renew the current legislation, Bush also asked for additional measures he originally proposed last April that would protect companies that have come under fire for their role in government wiretapping programs. AT&T (NYSE: T), for instance, is involved in a lawsuit brought by the Electronic Frontier Foundation for its assistance in the NSA's broad-scale wiretapping efforts.

"It's particularly important for Congress to provide meaningful liability protection to those companies now facing multibillion-dollar lawsuits only because they are believed to have assisted in efforts to defend our nation following the 9/11 attacks," Bush said. "Additionally, without this protection, state secrets could be revealed in connection with those lawsuits -- and our ability to protect our people would be weakened."

Many Democrats were uneasy with the legislation Bush forced through just before Congress's August recess, and the sunset clause was included in the law as a way to ensure that it would be revisited.

Civil liberties groups, meanwhile, continue to vociferously oppose it.

'A Terrible Message'
"Our view is that based on the information that has been made available to the public, the case has grown for better oversight and accountability for electronic surveillance efforts by the United States," Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), told the E-Commerce Times.

"The critical issue people need to understand is that effective national security requires effective oversight of government activities," Rotenberg explained. Regarding the proposed liability protection for telecommunications firms, meanwhile, "it sends a terrible message for the administration to in effect suspend the privacy laws that protect the rights of Americans," he added.

National security and privacy protection for American citizens are not mutually exclusive, the Center for Democracy and Technology maintains.

"Congress can provide exactly what Mike McConnell, the Director of National Intelligence, says he needs while also including protections for the privacy of Americans, but the Protect America Act fails to do that," David McGuire, spokesperson for the Center for Democracy and Technology, told the E-Commerce Times.

Fear Tactics
"Our firm belief is that there is a way to enact a surveillance law that closes the technological loopholes that have been mentioned and makes it possible to engage in legitimate surveillance -- both on foreign suspects and, with appropriate court approval, American ones -- while also ensuring that ordinary Americans are not swept up in investigative dragnets," he said.

Bush concluded his speech at the NSA by emphasizing that "the decisions Congress makes will directly affect our ability to save American lives" -- an assertion the American Civil Liberties Union (ACLU) called nothing short of "fear-mongering."

"As part of the PR effort to gut the Foreign Intelligence Surveillance Act, the Bush Administration has pulled out every scare tactic in the book, including exaggeration and outright fibbing," said Caroline Fredrickson, director of the Washington legislative office of the ACLU.

"This goes hand-in-hand with the usual fear-mongering," she said, "all designed to get Congress to vote to suspend the Fourth Amendment rights of Americans."

Monday, September 17, 2007

Stress Reliever

Stress Reliever # 1

Wife: You always carry my photo in your handbag to the office. Why?

Hubby: When there is a problem, no matter how impossible, I look at your picture and the problem disappears.

Wife: You see, how miraculous and powerful I am for you?

Hubby: Yes, I see your picture and say to myself, "What other problem can there be greater than this one?"

Stress Reliever # 2

Girl: When we get married, I want to share all your worries, troubles and lighten your burden.

Boy: It's very kind of you, darling, But I don't have any worries or troubles.

Girl: Well that's because we aren't married yet.

Stress Reliever # 3

Son: Mom, when I was on the bus with Dad this morning, he told me to give up my seat to a lady.

Mom: Well, you have done the right thing.

Son: But mum, I was sitting on daddy's lap.

Stress Reliever # 4

A newly married man asked his wife, "Would you have married me if my father hadn't left me a fortune?"

"Honey," the woman replied sweetly, "I'd have married you NO MATTER WHO LEFT YOU A FORTUNE"

Stress Reliever # 5

Father to son after exam: "let me see your report card."

Son: "My friend just borrowed it. He wants to scare his parents."

Stress Reliever #6

Girl to her boyfriend: One kiss and I'll be yours forever.

The guy replies: Thanks for the warning.

Stress Reliever # 7

A wife asked her husband: "What do you like most in me - my pretty face or my sexy body?"

He looked at her from head to toe and replied: "I like your sense of humour."

Why Call Center Guys are paid so much?

People wonder why the call centre guys are paid so much for just being on the phone. Take a look at some of the conversations between Technical Support executives and customers on the phone.

Case 1

Tech Support: "I need you to right-click on the Open Desktop."
Customer: "Ok."

Tech Support: "Did you get a pop-up menu?"
Customer: "No."

Tech Support: "Ok. Right click again. Do you see a pop-up menu?"
Customer: "No."

Tech Support: "Ok, sir. Can you tell me what you have done up until this point?"
Customer: "Sure, you told me to write 'click' and I wrote 'click'."

Case 2

Customer: "I received the software update you sent, but I am still getting the same error message."
Tech Support: "Did you install the update?"

Customer: "No. Oh, am I supposed to install it to get it to work?"

Case 3

Customer : "I'm having trouble installing Microsoft Word."
Tech Support: "Tell me what you've done."

Customer: "I typed 'A: SETUP'."
Tech Support: "Ma'am, remove the disk and tell me what it says."

Customer: "It says '[PC manufacturer] Restore and Recovery disk'."
Tech Support: "Insert the MS Word setup disk."

Customer: "What?"
Tech Support: "Did you buy MS word?"

Customer: "No..."

Case 4

Customer: "Do I need a computer to use your software?"
Tech Support: ?!%#$(welll pretend to smile)

Case 5

Tech Support: "Ok, in the bottom left hand side of the screen, can you see the 'OK' button displayed?"
Customer: "Wow. How can you see my screen from there?"

Tech support: ##### ***

Case 6

Tech Support : "What type of computer do you have?"
Customer: "A white one."
Tech support : ******_____####

Case 7

Tech Support: "What operating system are you running?"
Customer: "Pentium."

Tech support: ////-----+++

Case 8

Customer: "My computer's telling me I performed an illegal abortion."
Tech support: ??????

Case 9

Customer: "I have Microsoft Exploder."
Tech Support : ?!%#$

Case 10

Customer: "How do I print my voicemail?"
Tech support: ??????

Case 11

Customer: "You've got to fix my computer. I urgently need to print document, but the computer won't boot properly."
Tech Support: "What does it say?"

Customer: "Something about an error and non-system disk."
Tech Support: "Look at your machine. Is there a floppy inside?"

Customer: "No, but there's a sticker saying there's an Intel inside."

Tech support: @@@@@

Case 12

Tech Support: "Just call us back if there's a problem. We're open 24 hours."
Customer: "Is that Eastern time?"

Case 13

Tech Support: "What does the screen say now?"
Customer: "It says, 'Hit ENTER when ready'."

Tech Support: "Well?"
Customer: "How do I know when it's ready?"

Tech support: *** ---- ++++

The Best of the Lot

Case 14

A plain computer illiterate guy rings tech support to report that his computer is faulty.

Tech: What's the problem?
User: There is smoke coming out of the power supply.

Tech: (keeps quiet for a moment)

Tech: You'll need a new power supply.
User: No, I don't! I just need to change the startup files.

Tech: Sir, the power supply is faulty. You'll need to replace it.
User: No way! Someone told me that I just needed to change the startup and it will fix the problem! All I need is for you to tell me the command.

Tech support: 10 minutes later, the User is still adamant that he is right. The tech is frustrated and fed up.
Tech support:(hush hush)

Tech: Sorry, Sir. We don't normally tell our customers this, but there is an undocumented DOS command that will fix the problem.
User: I knew it!

Tech: Just add the line LOAD NOSMOKE.COM at the end of the CONFIG.SYS. Let me know how it goes.

10 minutes later.

User: It didn't work. The power supply is still smoking.
Tech: Well, what version of DOS are you using?

User: MS-DOS 6.22.
Tech: That's your problem there. That version of DOS didn't come with NOSMOKE. Contact Microsoft and ask them for a patch that will give you the file. Let me know how it goes.

1 hour later.

User: I need a new power supply.
Tech support: How did you come to that conclusion?

Tech support : (hush hush)

User: Well, I rang Microsoft and told him about what you said, and he started asking questions about the make of power supply.
Tech: Then what did he say?

User: He told me that my power supply isn't compatible with NOSMOKE.

Height of All (Too Good)

Case 15

Customer care officer : I need a product identification number right now and may I help you in finding it out?
Customer: Sure

Customer Care Officer: Can you left click on start and do you find 'My Computer'?
Customer: I did left click but how the hell do I find your computer?

Types of Computer Women

Virus Woman
She installs in your apartment and plays the boss. If you try to uninstall, you lose some stuff. If you don't, you'll lose everything.

Internet Woman
You have to pay to have access.

Server Woman
Always busy when you want her.

Windows Woman
You know that she has many bugs, but you can't live without her.

Macintosh Woman
Attractive, almost perfect, costs more money, but not so compatible with others. Only 5% of men have the pleasure to get her.

PowerPoint Woman
She’s ideal for party presentations, business meals, etc.

Excel Woman
They said that she knows many things, but you have her only for basic things.

Word Woman
Always she waits you with surprises and there is nobody can understand her.

DOS Woman
Everybody has her once, but nobody wants her now.

Backup Woman
You think that she has enough, but when you want to try her, she's missing something.

Scandisk Woman
We know that she's good and willing to help you, but she really doesn't know anything.

Screensaver Woman
Useful for nothing, but she amuses you.

Paintbrush Woman
She's all makeup, but nothing in rest.

Harddisk Woman
She knows anything, all the time.

User Woman
She doesn’t make anything good and always asks you something.

E-mail Woman
From 10 sentences she talks, 9 are bullshit.

Silly & Funny Interview Questions

Story I

Employer: Do you have a boyfriend?
Candidate: I have.
Employer: Is he working locally?
Candidate: No. He is working Overseas.
Employer: Sorry, my company cannot employ you!
Candidate: Why?
Employer: You will not be able to settle down here permanently. And my company doesn’t want to pay extra expenses on the overseas calls just because of you.

Story II

Employer: Any girl friends?
Candidate: No.
Employer: So far chased any before?
Candidate: Have, but not successful.
Employer: Ever think of getting a job first then start looking for a girlfriend?
Candidate: Career is first priority. Currently didn't want to consider this personal issue.
Employer: Sorry, my company cannot employ you.
Candidate: Why?
Employer: You are lacking of public relation skills and confidence!!

Story III

Employer: Any girlfriends?
Candidate: Yes.
Employer: Is she pretty?
Candidate: Not quite.
Employer: Sorry, my company cannot employ you.
Candidate: Why? Will this affect your company's reputation?
Employer: No, it does not affect the company's reputation but because my company is dealing with arts, our company requested an artist.

Story IV

Employer: Any girlfriends?
Candidate: Yes.
Employer: Is she pretty?
Candidate: yes
Employer: Is she your first lover?
Candidate: Yes.
Employer: Sorry, we can't employ you because you lack of fighting spirit.

Story V

Employer: Any girlfriends?
Candidate: Yes.
Employer: Is she your first lover?
Candidate: No. Have a few already.
Employer: Sorry, my company cannot employ you because you are a "grasshopper"! (Job hopper!)

Story VI

Employer: Any boyfriends?
Candidate: Yes.
Employer: Is he rich?
Candidate: No.
Employer: Then sorry, my company cannot employ you because our Company is dealing with money and you will seduce.

Story VII

Employer: Any boyfriends?
Candidate: Yes.
Employer: Is he rich?
Candidate: Yes, very rich. He owns a company.
Employer: Sorry, we cannot employ you because your boyfriend doesn't even want to employ you, neither do we!
Candidate: But, there is no position in his company.
Employer: Then, what is your qualification?
Candidate: Secretary!
Employer: Sorry, we still cannot employ you because your prettiness will affect your managers' working spirits.
Candidate: But, I am not pretty at all.
Employer: It is even worse because my managers will not be interested in you!!

Craziest Interviews

Interview 1

Interviewer: If we give you a module which consists of new technology, how will you proceed with it?
My answer: I will first understand the module, learn the technology, and develop the code after doing the design ASAP.

Interviewer: What will you do if we give you one day for doing all this?
My answer: I will do it one day.

Interviewer: What will you do if you are not able to complete in one day?
My answer: If the work is not getting completed after end of the day, I will request for some more time.

Interviewer: What if we insist you to complete it on the same day?
My answer: I will spend 24 hrs and complete it. I am ready to cook food at office and work as if I am working in call center. (I am getting irritation at this point).

Interviewer: What will you do if no documentation is available for this new technology?
My answer: I will ask for knowledge transfer from my seniors.

Interviewer: What will you do if no one had worked on this technology before?
My answer: I will request for some more time to acquire knowledge and complete the work.

Interviewer: What if we force you to complete the work in one day without documentation, support?
My answer: If you can at least give me a computer to do things, I know how to do it without documentation, support and time.

Is it really worth asking this kind of questions? What a person can do if he needs to work on new technology, with no documentation, no support and no time? I am not God, of course, I am developer. Am I wrong with my answers?

Interview 2

Interviewer: If we give you a module which consists of new technology, how will you proceed with it?
My answer: Learn technology on the fly..(as is expected from today’s IT professionals) as soon as possible and understand the module. If possible I would like to get trained in that technology if training provided by company.

Interviewer: What will you do if we give you one day for doing all this?
My answer: I will estimate the ETC(Estimated time of completion) and if I think the time given is less than my estimated time I will inform you and try and extend the ETC.

Interviewer: What will you do if you are not able to complete in one day?
My answer: My first priority is to complete the task within the ETC. If I am not able to complete it within that time, my attempt would be to get it done ASAP without extending the ETC any longer. Also, I would inform the concerned authority I am reporting to about this extended ETC.

Interviewer: What if we insist you to complete it on the same day?
My answer: To be honest, if I am not able to deliver on time I would prefer to inform you in advance that the expected time of completion does not match my estimated ETC, rather than accepting to deliver and later failing to do so.

Interviewer: What will you do if no documentation is available for this new technology?
My answer: Now this is a stupid question. A new technology with no documentation?

Interviewer: What will you do if no one had worked on this technology before?
My answer: Take it as a good learning experience and I think it is always good to work on the latest technology.

Interviewer: What if we force you to complete the work in one day without documentation, support?
My answer: I will try my best given all above facts!

Interview 3

Interviewer: If we give you a module which consists of new technology, how will you proceed with it?
My answer: I'll review the requirements for the module, learn the technology and then confirm that it's the correct technology for the job. Very often new technology is overused because it's "cool" even when not appropriate; this is called the "new buzzsaw" problem, somewhat akin to the "golden hammer" problem.

Interviewer: What will you do if we give you one day for doing all this?
My answer: Hope that it takes a day to complete. I'll provide an estimate at the start and if I think it will be longer than one day, I'll let you know.

Interviewer: What will you do if you are not able to complete in one day?
My answer: If it's because I'm incapable of completing it in one day but believe that someone else could, likely sometime in the early afternoon I'll realize this and ask for help. If it's not realistic for anyone to complete it in one day, then I will raise the concern along with my estimate.

Interviewer: What if we insist you to complete it on the same day?
My answer: There is a principle called the engineering triangle consisting of time, resources, and scope. You can pick any two. Here you are trying to constrain all three and that is not realistic. I would address the issue of constraints with the appropriate party.

Interviewer: What will you do if no documentation is available for this new technology?
My answer: Seek out information, from the web, or from others both inside the company and out. I would also raise a concern about using undocumented technology.

Interviewer: What will you do if you can't find any information on this technology? (Note: I changed the wording to be equivalently responsive to my prior answer.)
My answer: I will seriously question the desire to use the technology in light of this limitation. If we must, then I will make sure we include learning time in the estimate. I will also look for other ways to reduce risk in the project to trade-off the increased technology risk.

Interviewer: What if we force you to complete the work in one day without documentation, support?
My answer: I'd probably deliver a substandard product and would quit over my frustration with the incompetent management.

Interview 4

Interviewer: What if I ask you to work on new technology?
Me: It will be nice to have exposure to new technology. (I will have another thing to brag about in my resume.)

Interviewer: What if there is not any support/documentation?
Me: I can still do it. In my previous project I was working alone (because nobody was able to understand what I said, and I was not able to interpret what was written in documentation).

Interviewer: What if there is only 24 Hr time?
Me: So what? I can still deliver it. (Then it will be your headache to listen to client's complaints.) You see, the mighty Aussies, after 5 back to back defeats, they are going to World Cup without any time to improve.

Interviewer: What???? They lost the last match also???
Me: Not yet.. Game is in progress.. It's a close match. Can go either way.

Interviewer: My God!!! What has happened to Aussies?
Me: Dunno.. maybe they were getting bored of winning every time.

Interviewer: So what's the score?
Me: last 5 overs remaining New Zealand need 40 runs ..blah blah blah..

Interviewer: Which site do you see the live scorecard?
Me: espnstar.com

Interviewer: Damn ... espnstar.com is blocked in my office. Can't even track the score once I am in the office.
Me: What, espnstar.com is blocked in your office? Damn!!! I guess we should end here.

Interviewer: Ya, you won't like it in here. By the way, is there any position open with your current employer?
Me: Ohh yes...why not they are looking for.....blah blah blah... Ok so tell me what would you do if your manager gives you unrealistic deadlines, no support, non-sufficient resources etc etc....

Interviewer: Ummm.. that's a real tricky one...

Google's Press for Global Privacy Fans Flames

GOOGLE CALLED FOR A SET of global standards for protecting consumer Web privacy at a recent United Nations Educational, Scientific and Cultural Organization (UNESCO) ethics conference. Although privacy counsel Peter Fleischer pegged the move as part of Google's job as an Internet leader "to show some leadership and be constructive," insiders say it's a thinly veiled attempt to get ahead of the privacy woes that have dogged its pending DoubleClick buy.


"It's clear that this is motivated in part to dampen the growing opposition to the DoubleClick takeover," said Jeff Chester, executive director of the Center for Digital Democracy (CDD). "Google is attempting to head off a global regulatory digital train wreck."

In the U.S., the FTC is investigating the $3.1 billion acquisition from an anti-competitive standpoint, but concerns about Google's search data collection and retention policies (and melding them with DoubleClick's) have also factored into the scrutiny.

Meanwhile, in July, pressures from the EU led the search giant to scale back the length of time it would retain user data (from indefinitely to no longer than 18 months), although European regulators now have their eyes on the DoubleClick deal as well.

CDD is scheduled to participate in an already scheduled press briefing today on "Google, Online Advertising, and Privacy" along with representatives from the U.S. Public Interest Research Group and Electronic Privacy Information Center (EPIC).

"Google is under enormous pressure from many countries around the world who are fed up with their arrogance and their unwillingness to make meaningful changes to their business practices," said Marc Rotenberg, executive director of EPIC. "They are also trying desperately to push the acquisition of DoubleClick through the Federal Trade Commission. And they've met enormous resistance."

Fleischer addressed the criticism directly, at a press conference (in Strasbourg, where the UNESCO meeting was held), saying: "By supporting global privacy standards, there will be a debate and part of that debate will be what our motives are." He added that Google would be pushing for the standards "regardless of whether DoubleClick were part of the equation or not." He also added that CEO Eric Schmidt would be publicly underscoring the company's stance on user privacy and protection some time in the future.

Nonetheless, the conference provided an international forum for Google to reinforce its 'don't be evil' mantra--and the search giant did it by endorsing a set of privacy standards established by the Asia-Pacific Economic Cooperation (APEC).

The APEC Privacy Framework focuses on "preventing harm" to users--by emphasizing security safeguards and imposing limitations on how much personal information can be collected. Google acknowledged that the APEC standards are only a starting point--as they were drafted and approved by 21 members of APEC in 2004, and need to be adapted for global use and acceptance three years later.

Fleischer added: "It is absolutely imperative that these standards are aligned to today's commercial realities and political needs, but they must also reflect technological realities."

Critics argued that the search giant gave no specifics for how to move forward with a global implementation--calling it another sign that the endorsement was just Google posturing for the FTC.

"Mr. Fleischer is lobbying to get a privacy Band-aid placed over an ever-growing flow of personal data being squeezed from consumers (by Google and others)," said Chester.

According to Jonah Stein, Web privacy expert and senior SEM director, Alchemist Media, the search giant has a vested interest in helping to establish international privacy standards that goes beyond the DoubleClick deal.

"Google certainly wants to make sure the deal goes through with the FTC, but we do need global standards, and they are a global player," said Stein. "When you look at the EU and some of the other legal entities they have to deal with, it's not unreasonable for them to try to find an international standard that everyone else can agree on."

Stein also said that the move should not have come as a surprise. What may be less surprising is that even in the midst of this announcement, the search giant was facing government and media scrutiny in Canada--with speculation as to whether Google's Street View map feature will violate Canadian privacy laws.

The feature that shows still video footage of locations when users click on map markers has not gone live in Canada yet, but caused skeptics to wave the privacy flag in the U.S. when the shots were found to contain glimpses of pedestrians' faces in detail.

Criminals target trusted websites

Canada ranks second worldwide as top source of malicious Internet activity

Trusted websites have become the patient zero for some viral epidemics in the virtual world with sophisticated cyber-criminals using them to lure unsuspecting computer users into spreading their malicious code.

And Canada is a key global player in the dark side of the Internet, now ranking second worldwide after Israel as the top source of malicious Internet activity.

These are among the findings of Symantec's Internet Security Threat Report Trends for the first six months of this year, released today.

"The Web is becoming patient zero for infections and we are now faced with situations where even the guys you would normally trust have an issue," said Dean Turner, director of Symantec's global intelligence networks. "The Web has really become the focal point.

"Instead of the bad guys going to you, you are going to them."

The threat comes from the increasing number of trusted websites being hacked by the professional criminals who have sophisticated commercial tools that allow them to operate vast networks of infected computers.

Even government websites are not immune from the hackers.

"What we found was that governments are the targets and the victims of the same thing as enterprises are when it comes to hosting phishing sites," said Turner.

Phishing is a technique used by cyber-criminals to acquire sensitive personal data such as credit-card and banking information.

Turner said 23 per cent of all government websites hosting phishing sites were on government domains in Thailand. And the study found that four per cent of all malicious activity detected during the first six months of 2007 originated from Internet Protocol space registered with Fortune 100 companies.

"Fortune 100 companies control seven per cent of all IP space worldwide, so it is pretty significant when we see that activity coming from the Fortune 100 - that's a lot of IP space."

Turner said that figure is likely explained by criminals capitalizing on the unused IP space of the companies.

"The bad guys know," he said. "If they are looking for activity on this IP space and they are not seeing any, they know it is fertile ground."

Turner said Canadians spend the most time online of any computer users in the world, a trend he said could explain this country's high ranking in malicious Internet activity.

Among other findings of the report:

- Bot networks, networks of infected computers that are controlled by criminals, have a lifespan of 19 days in Canada, the longest lifespan of bot networks anywhere in the world.

- The U.S. was the target of the most denial of service (DoS) attacks, accounting for 61 per cent of all such attacks worldwide in the first half of this year.

- The U.S. also was the top country of origin for attack, accounting for 25 per cent of all global attacks.

- The education sector topped all sectors for data breaches that could lead to identity theft, accounting for 30 per cent of all such data breaches over the first six months of 2007.

- The theft or loss of computer or other data-storage medium made up 46 percent of all data breaches that could lead to identity theft in the first half of this year.

- Credit cards, at 22 per cent of all items, were the most common commodity listed in the underground economy and 85 per cent of the cards being sold were issued by banks in the U.S.

Verizon Sues To Block Open Access to Spectrum

With Verizon suing to block the open-access rules -- a move that Google has called "regrettable" -- industry observers are beginning to weigh in on whether the spectrum auction will take place on schedule. Philip Verveer, a Washington attorney specializing in the wireless industry, said Verizon faces a difficult time in trying to undo the FCC rules.

Verizon threw a wrench in plans for a quiet run-up to the Federal Communications Commission's January auction of the valuable 700-MHz spectrum. The telecom company filed a petition with a court of appeals to overturn the FCC's decision to attach open-access rules to part of the spectrum.

The filing does not state any specific grounds for review, asserting merely that the FCC's rulemaking exceeds its authority under the Communications Act, the Constitution, and the Administrative Procedure Act, and is "arbitrary, capricious [and] unsupported by substantial evidence."

In July, the FCC passed a plan for the auction that imposes open-access rules on the so-called "C" block of the spectrum, encompassing roughly a third of the spectrum to be auctioned. Under the rules, the C block spectrum must be open to all devices and applications.

Google Calls Action 'Regrettable'

Google, which had pressed for even greater rules for open access, has announced its intention to bid in the auction. Bidding starts at $4.5 billion and the winning bid is expected to wind up over $9 billion.

Writing on a Google blog, Chris Sacca, head of special initiatives, wrote, "The nation's spectrum airwaves are not the birthright of any one company. They are a unique and valuable public resource that belong to all Americans." Sacca went on to say that it is "regrettable" that Verizon has decided to use the court system "to try to prevent consumers from having any choice of innovative services."

Google might not have that much to worry about. Verizon faces a "very difficult" time in trying to undo rules the FCC has promulgated, Philip Verveer, a partner with the law firm of Willkie, Farr & Gallagher in Washington DC, said in a telephone interview. As an antitrust lawyer for the Justice Department, Verveer was instrumental in the breakup of the old AT&T.

"Agency action goes to appellate court with the presumption that the agency is correct," he explained. In addition, courts tend to defer to executive agencies in technical matters. "This matter is one where the FCC's discretion under the statute is very broad. Any appeal of agency action is going to have a very difficult time," he said.

Spectrum Auction Delay Unlikely

Because of the statutory requirement for the start of the auction, "it's going to be very difficult to convince the court of appeals" to delay the auction, Verveer added. To make matters worse for Verizon, "the more technical the rulemaking, the harder it is" to get it overturned, he said.

Verveer noted that Verizon has not yet tipped its hand as to its legal arguments. "As a practical matter, they may be trying to have a place at the table," he said. It's possible that the Frontline group, led by former FCC Chair Reed Hundt, would also appeal the FCC rules, arguing that the FCC "didn't go far enough." By appealing now, Verizon might be positioning itself to balance those arguments with the claim that the FCC went too far, Verveer said.

Verizon's next step will likely be to ask the FCC to reconsider its decision and stay the start of the auction. The agency "almost never grants" such requests, Verveer said. Verizon would likely reveal its legal theories at this reconsideration stage.

Could all of this set back the scheduled start of the auction on January 16? "The FCC is going to be extraordinarily reluctant to let this affect the timeline," Verveer said. "Unless Verizon has a legal point that creates tremendous anxiety at the FCC, it will continue on its timetable."

Microsoft Escapes Patch Tuesday Drama

There were only four fixes released on Patch Tuesday, but the updates affect several types of users, especially because of the Messenger fix. "Since instant messaging software is installed by home users as well as corporate users, it affects everyone," noted Amol Sarwate, manager of the Vulnerability Research Lab at Qualys.

After its fair share of zero-day vulnerabilities and scores of patches over the past few quarters, Microsoft's September Patch Tuesday might seem uneventful for I.T. admins. Still, there is some work to do this month with four patches in the hopper.

One critical patch fixes a bug in Windows Server 2000 that potentially allows a hacker to take control of a victim's computer from a remote location. Another security bulletin, rated important, describes a vulnerability for Windows Services for Unix and the subsystem for Unix-based applications. The second important patch affects Microsoft Visual Studio, while the third important update fixes a flaw that affects MSN Messenger and Windows Live Messenger.

"Users of Windows Server 2000 Service Pack 4 should be paying most attention to Microsoft's patches," said Dave Marcus, security research and communications manager at McAfee Avert Labs. "However, we don't foresee a lot of exploitation of the Windows 2000 vulnerability. Not many people will use those legacy systems to surf the Web, which would be the primary attack vector."

Messaging Clients Targeted

Viruses spread through instant messaging are seeing a lot of press lately. Skype suffered highly publicized attacks this week, and now Microsoft is trying to avoid the same storyline by patching a vulnerability in its messaging client. According to Andrew Storms, director of Security Operations for nCircle, the Messenger fix, which patches a remote code execution bug in the video chat functionality of the messaging client, is the most interesting update this month.

"This exploit was first announced several weeks ago and Microsoft moved very quickly to get this fix out. I'm sure this is because of the recent flush of exploits that target IM clients," Storms said. "We have seen two bugs in Yahoo Messenger, one of which was almost identical to this MSN Messenger chat vulnerability. IM clients are the hot, new vector for exploits and this trend will definitely continue for the foreseeable future."

The remaining patches affect "power users," or users with administrator or developer roles, including the one critical vulnerability described in security bulletin MS07-051. Specifically, this patch affects a Microsoft agent that displays animated characters, such as "Clippy," the Microsoft Office talking paperclip.

"While critical, it is important to note that it only affects Windows 2000 Service Pack 4 users, not those running Windows 2003, XP, or Vista operating systems," noted Amol Sarwate, manager of the Vulnerability Research Lab at Qualys. "If vulnerable, there is the potential for remote code execution under a Web-based attack scenario."

Broad Set of Users Affected

The remaining two vulnerabilities are labeled important by Microsoft. Security Bulletin MS07-053 describes a Windows services update that affects advanced users who integrate Windows with Unix. This update is designed to fix a zero-day exploit made public last month.

MS07-052, meanwhile, affects Crystal Reports .RPT files. If advanced users and developers browse to a malicious Web site or open an .RPT file sent as an e-mail attachment, it could open the door to an attack.

Even though there were only four fixes altogether, September's Patch Tuesday affects several different types of users, especially because of the Messenger update. "Since instant messaging software is installed by home users as well as corporate users, it affects everyone, while the remaining patches address systems and applications used by administrators and developers," Sarwate said.

Google Files Patent Application for Mobile Payments

In what could be described as Google taking a page straight out of the PayPal playbook, Google filed for a patent that describes a mobile commerce system that is similar to existing mobile payment systems, including the mobile version of PayPal. The patent application is leading to renewed speculation about Google's wireless ambitions.


Someday, "to gpay" might mean making a payment using a text message over a mobile device. That's the form of e-commerce for which Google has filed a patent, in which the terms "gpay" and "gbuy" are used.

The application is leading to renewed speculation that Google has its sights set on a more active role in the mobile-device marketplace.

First filed in February of 2006, patent application number 20070203836 was published late last week. "The payment process may occur through the simple composition by the payor of a text message," such as a short message service (SMS), the application stated, with payee identification and payment amount then sent to a payment processing system for debiting, crediting, or transferring funds.

Road Side Fruits and Vegetables

Some indications of Google's intended markets might be gleaned from several scenarios presented in the application.

In one scenario, at a farmer's market or a flea market, individual or family vendors sell low-priced products and typically only take cash. But such vendors are "also likely to have a cellular telephone or similar mobile device," Google's application noted, and, if given a preference, might prefer not to deal only with cash.

Instead of using cash, Google envisioned, both the fruit seller and the buyer use their mobile devices. The vendor would have an account with an online payment service and an identifier, such as a phone number or a screen name like "veggiegirl." The buyer can enter the vendor's identifier and the amount to be paid, and the vendor receives confirmation on her mobile device.

If the vendor feels the buyer is trying to "spoof" the system, the vendor can log on to the online payment system through her own device and confirm the transfer of funds. Google noted that the online payment system might be able to handle micropayments, and have attached bank, credit, or debit accounts.

Lucy, Mowing Service, Thirsty Student

Another possible scenario mentioned is an entrepreneurial "young lady," with apparent references to Lucy in the Peanuts comic strip, who offers psychiatric help at a street stand for a nickel per session. She might use the mobile device to organize and analyze her finances, as well as receive payments. And she might post two identifiers, so as to separate sales that require taxes and those that do not -- in effect, two cash registers.

In other scenarios, Google suggested the payment system might have an escrow feature. This could be handy, the application stated, if a young person's mowing service can be hired by a homeowner who might be wary of the quality of work and might want to present payment, but hold back delivery until the job is satisfactorily completed.

Other suggested scenarios include a "thirsty college student" paying at a soda vending machine, or a community honor system, where a mobile payment system relieves a worker of monitoring occasional transactions at, say, a community stamp box.

Feds: Iceman Was Internet ID Thief

According to a criminal complaint unsealed this week, one person told investigators he received tens of thousands of credit cards from Max Ray Butler. In the affidavit, federal agents said Butler used the aliases "Iceman," "Aphex," "Darkest" and "Digits" on his forum and when hacking into financial institutions.


A man who used the Internet alias "Iceman" stole credit card and identity information from tens of thousands of people by hacking into the computers of financial institutions and credit card processing centers, federal authorities said Tuesday.

Max Ray Butler, 35, of San Francisco, was indicted by a federal grand jury in Pittsburgh on three counts of wire fraud and two counts of transferring stolen identity information. He could face up to 40 years in prison and a $1.5 million fine if convicted on all charges.

Butler was charged in Pittsburgh because he sold more than 100 credit card numbers and related information to a Pennsylvanian who is cooperating with the investigation, said Margaret Philbin, spokeswoman for U.S. Attorney Mary Beth Buchanan of Pittsburgh.

Authorities said Butler also operated a Web site that served as an online forum for people who steal, share or use others' credit card information illegally in a practice known as "carding."

Federal court records do not list an attorney for Butler, who was arrested in California on Sept. 5 on a criminal complaint filed under seal in Pittsburgh.

Butler remains in federal custody in California. It was not immediately clear when he would return to Pittsburgh to face the charges. A detention hearing is scheduled for Monday in San Francisco.

The indictment charges Butler with e-mailing people about buying stolen card numbers and selling them for several hundred dollars per batch.

According to the criminal complaint unsealed Tuesday, one person told investigators he received "tens of thousands of cards" from Butler. In the affidavit, federal agents said Butler used the aliases "Iceman," "Aphex," "Darkest" and "Digits" on his Internet forum, in e-mails with other carders or when hacking into financial institutions.

Witnesses told agents they were present as Butler moved to various hotel rooms where he would use a high-powered antenna to intercept wireless communications. From there he allegedly hacked into financial institutions and credit card processing centers to obtain confidential card information.

One witness told agents that Butler hacked into the Pentagon Federal Credit Union, Citibank and a government employee's computer.

Philbin could not immediately say which kinds of credit card numbers were sold or whether authorities planned to alert cardholders of potential problems.

Microsoft Delays Windows Server 2008

Mark Margevicius, a research director at Gartner, said the delay of Windows Server 2008, codenamed Longhorn, was "not surprising." Microsoft has a "reputation for being late," he said, but added that "there's a lot in Longhorn" and noted that "server software has critical components" that Microsoft has to get right.

On the same day that Microsoft announced that the first service pack for Windows Vista would come out later than some had expected, it also quietly announced that the release of Windows Server 2008 has been pushed back to the first quarter of next year.

The earlier announced target for the release of Windows Server 2008, formerly codenamed Longhorn and first made available in beta in 2005, was the end of this year.

The public announcement of a delay was made on Wednesday in the second paragraph of an entry on the Windows Server Division Weblog.

'More Time to Bake'

The entry, by group product manager Helene Love Snell, noted that the blog is intended to provide "an open and honest dialogue about the development process of a product of this magnitude."

So, Helene continued, "this seems like the best place to let you know that Windows Server 2008, which we have been saying would Release to Manufacturing (RTM) by the end of the calendar year, is now slated to RTM in the first quarter of calendar year 2008."

The reason? Helene wrote that Microsoft is happy with the feedback it's getting from the latest product builds but wants to spend more time to reach the expected "high quality bar."

She quoted a Microsoft program manager as saying that Server 2008 is "like a brisket." It just needs "a little more time to bake."

Launch Event

A launch event for Windows Server 2008, SQL Server 2008, and Visual Studio 2008 has been planned for February 27 in Los Angeles. Assuming Windows Server 2008 is not ready for release by February 27, the other products featured at the event might be delayed.

Snell was quoted by PC World as saying that the anticipated Windows Server Virtualization add-on will have its actual ship date affected, but, as planned, it will still have a beta available for the RTM of Windows Server 2008 and will ship within 180 days of release.

Microsoft officials have reportedly said that scheduled end-of-this-year beta releases of other products based on Longhorn, such as the midsize business server bundle called Centro and the small business server called Cougar, will not be affected.

Mark Margevicius, a research director at Gartner, said the delay was "not surprising." Microsoft has a "reputation for being late," he said, but added that "there's a lot in Longhorn" and noted that "server software has critical components" that the company has to get right.

Microsoft Defends Stealth Windows Updates

Paul Henry, Secure Computing's VP of technology evangelism, said that although Microsoft's stealth updates have not yet created any reported issues, the ramifications could be significant. With no way of turning off Windows Update, he said, the use of a compromised update process could become an attractive vehicle for a would-be hacker.

Microsoft has crossed the line with some Windows users by secretly deploying software through Windows Update -- even to users who had turned off automatic updates. Microsoft has issued an apology, of sorts, but some security experts are still warning that the practice of updating Windows without user consent could lead to dire consequences.

As its name suggests, Windows Update is a service that primarily delivers updates to Windows. To ensure ongoing service reliability and operation, Microsoft must update and enhance the Windows Update service itself, including its client-side software.

However, Microsoft discussion boards this week revealed that Redmond was updating Windows without permission. Specifically, Windows Update has updated nine files in both Windows XP and Windows Vista over the past few weeks, according to reports.

Disaster Waiting To Happen?

Paul Henry, Secure Computing's vice president of technology evangelism, verified the stealth updates on a Windows machine in his own lab. Henry said that what initially struck him as unusual is that Microsoft began the updates without any end-user notification. Beyond this, he said, there are larger security concerns.

"First, with no way of turning off Microsoft updates, it makes the use of a compromised update process a very attractive vehicle for a would-be hacker," he explained. "Second, this also raises concerns for law enforcement." Henry pointed out that a great deal of caution is exercised to maintain stability in certain environments. For example, documented Microsoft installs in computer forensics are necessary to assure that potential evidence isn't compromised.

Henry said that although the Windows process has not yet created any reported issues, the ramifications of Microsoft's stealth updates have the potential to be significant. He said he can easily imagine a patch being automatically deployed that causes things to break and go terribly wrong in a Windows environment.

"Just look what happened to Skype in the last month," he explained. "An update was released by Microsoft that caused so many PCs to reboot and reinitialize simultaneously that it impacted Skype's ability to reconnect its worldwide network."

Microsoft Defends the Updates

For those who want to know why Microsoft updated the files automatically, even if users had not opted for automatically installing updates, Redmond offered an explanation.

"Any user who chooses to use Windows Update either expected updates to be installed or to at least be notified that updates were available. Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications," said Nate Clinton, program manager for Windows Update, in a statement.

In addition, Clinton said that the result of not updating the files would have caused users to believe that they were secure even though there was no installation or notification of upgrades. To avoid creating such a false impression, he continued, the Windows Update client is configured to check for updates whenever a system uses the service, independent of the selected settings for handling updates.

"The point of this explanation is not to suggest that we were as transparent as we could have been; to the contrary, people have told us that we should have been clearer on how Windows Update behaves when it updates itself," Clinton concluded. "This is helpful and important feedback, and we are now looking at the best way to clarify Windows Update's behavior to customers so that they can more clearly understand how Windows Update works."

Dell and Alienware Offer Samsung 64-GB SSDs

With Dell and Alienware now offering Samsung's 64-GB SSDs for selected notebook PCs, Samir Bhavnani, research director at Current Analysis West, said that at 64-GB capacity, there is enough storage for most business users' applications and documents, but he noted that 64 GB might not be enough capacity for the SSDs to catch on with consumers.

For those awaiting the day when solid state drives (SSDs) are commonplace options on desktops and laptops, the good news is that Samsung announced on Monday it is shipping its 2.5-inch SATA, 64-GB SSDs for Dell and Alienware notebooks. The bad news is that the drives are an expensive option.

They cost $920 when added to a Dell laptop. The 64-GB SSD is available initially on Dell's XPS M1330 ultraportable notebook, and, later this year, on other models in the XPS line, as well as on Latitude corporate notebooks and Dell mobile workstations.

For Alienware, users can choose dual 64-GB SSDs in RAID 1 or RAID 0 configuration, or a 64-GB SSD in combination with a magnetic drive for the Area-51 m9750 high-performance gaming notebook. Prices start over $1,000 for the SSD additions.

Currently, Dell and Alienware both offer the smaller-capacity 32-GB SSD as a less-expensive option.

Customers 'Demanding' More Reliability

Customers are demanding more reliable and durable mobility solutions, which SSDs can offer, said Dell's Tom Pratt in a statement. Industry analysts -- and SSD makers themselves -- have said that the pricey solid state drives are a good solution for road warriors and similar users for whom durability and reliability are worth the added cost.

With no moving parts, solid state drives are silent, generate little heat, and can handle shocks and vibrations more effectively than standard hard drives. Data transfer rates can be faster than hard drives, and booting a large operating system such as Windows Vista can be quick work for SSDs. In addition, SSDs consume less power compared to traditional hard drives, and are quieter and lighter.

Hard drives are still much larger in capacity, and their cost-per-gigabyte is a fraction of what it is for SSDs. But a report from research firm iSuppli has predicted that 60 percent of laptops sold by the end of 2009 will have SSDs, compared to less than one percent in the first quarter of this year.

Dell Has 'Broadest Range'

At 64-GB capacity, said Samir Bhavnani, research director at Current Analysis West, there is enough storage for most business users' applications and documents. Dell is taking a leading position in introducing SSDs, he noted, as it is currently offering "the broadest range of systems with SSD options of any computer maker."

As the largest corporate notebook provider, Dell's SSD options and relatively wide choice of systems could spur more sales among business users, said Bhavnani, who pointed out that SSDs for consumer machines might not have enough capacity to become popular. "It's still not enough capacity for your music and pictures," he noted.

But the steep price difference -- about $15 per GB for SSD and less than $1 per GB for hard drives -- could be worth it for some business users who want the shorter boot times, longer battery life, and added ruggedness, Bhavnani concluded.

Hard Drives Can Survive Fire, Floods

Owners of flood- or fire-damaged PCs typically assume their data is unrecoverable. Not necessarily, computer experts say, noting that at least some data can be recovered from virtually any faulty or damaged storage device. And as the computer industry has grown, so has the number of companies doing that restoration work.

As flood waters filled their basement, Larry and Nancy MacLennan hastily moved their computer to the first floor before evacuating. But the water continued to rise, eventually filling most of the two-story house and submerging the computer for hours.

For the next several days the family worried about the damage to their Minnesota City, Minn., house. When they remembered that the computer held thousands of photos, including some about 70 years old, the MacLennans feared those precious files were lost forever.

But their daughter, 35-year-old Jenna MacLennan, had heard that data-recovery firms now sometimes find data on extremely damaged hard drives. Within days, engineers had recovered all the MacLennans' files.

"We were extremely happy about that," said Jenna MacLennan, an account manager for an electronic-equipment manufacturer. "With the water, the mud, everything, we just didn't know what kind of corrosion or damage might have occurred."

Hard drives typically fail when mechanical parts wear out, but the drives tend to be remarkably resilient to external elements such as flood water, said Richard M. Smith, an Internet security and privacy consultant at Boston Software Forensics.

"If you look at a hard drive, it's hermetically sealed," Smith said. "In most cases water wouldn't get into the drive itself."

Owners of flood- or fire-damaged computers typically assume their digital tax forms, photos and passwords are unrecoverable. Not necessarily, computer experts say, noting that at least some data can be recovered from virtually any faulty or damaged storage device. And as the computer industry has grown, so has the number of companies doing that restoration work.

"We've done data recovery on a laptop that was dropped from a helicopter, on a laptop that had been submerged in the ocean for a year," said Todd Johnson, vice president of operations at Kroll Ontrack Inc., whose engineers helped the MacLennans. "One time there were even bullet holes in the hard drives."

Kroll Ontrack is a division of New York-based Kroll Inc., a risk-consulting company whose technology operations announced second-quarter revenue in August of $141 million.

As a service to victims of last month's floods in Wisconsin, Illinois, Minnesota, Ohio and Oklahoma, Kroll Ontrack is waiving some costs and charging them a flat recovery fee of $850, with 10 percent to be donated to the Red Cross.

The 20-year-old company, based in Eden Prairie, Minn., is one of several offering similar services and prices, including SalvageData Recovery Lab Inc. in Stamford, Conn., and First Advantage Data Recovery Services in Irving, Texas. The companies charge from $400 to $2,500 for a standard recovery, with the price varying depending on several factors including the proportion of data that can be recovered.

Data-recovery companies use proprietary methods to recover data, pulling files into their own environment, where engineers can determine which are salvageable. The recovery process involves digging below the operating system, Johnson said.

Data can be salvaged from Windows-based computers and Apple Inc.'s Macs, and even from fully loaded iPods or cell phones. Engineers then ship the files back on CDs, DVDs or on a new hard drive.

Typical computer users know they should back up their data, Johnson said, but many keep their backup files so close to their computers that secondary files are destroyed at the same time as the computer. He recommends that backups be kept at a distance, perhaps even in a safe-deposit box at a bank.

That experts can recover data from hard drives damaged by water, fire or even a sledgehammer is a mixed blessing. Sometimes a person disposing of an old computer actually wants the hard drive destroyed to thwart would-be hackers looking for private information. So how can one be sure the hard drive is rendered permanently inaccessible?

Some experts suggest running a data-erasing program that repeatedly overwrites information with ones and zeros. Others suggest keeping the hard drive and disposing of the rest of the computer. The most extreme option would be to physically shred the hard drive and dispose of pieces in multiple locations.

As Jenna MacLennan looks at recovered digital photos of her grandmother and grandmother's parents, she says the data recovery was a bright spot in a tragedy that left her parents' home as a roof balanced on stripped two-by-fours.

"When you're able to recover your history, your photographs, there's a sense of gaining back something that's yours," she said. "It's something you can look at as good amongst everything else, that your memories aren't all gone."

IBM Claims New Nanotech Breakthrough

To explain how much storage capacity IBM's new breakthroughs in nanotech might mean somewhere down the line, IBM said that storing data on small clusters or individual atoms could mean that almost 30,000 feature-length movies, or all of the millions of videos on YouTube, could be stored on a device the size of an iPod.

If you already think your fingers are too big for some of today's small electronic devices, you likely won't be happy to know that new discoveries from IBM could make such devices much, much smaller and more powerful.

On Thursday, the Armonk, New York-based company announced what it called "two major scientific breakthroughs." Its researchers took a big step toward figuring out how to get individual atoms to hold a specific magnetic direction, which would allow them to store data. And they got closer to developing a logic switch between molecules, and even between individual atoms inside a molecule, which could lead to molecular or submolecular processors.

The research, detailed in two reports in the journal Science, does not mean that we'll soon be seeing a supercomputer the size of a grain of sand. But the research does take several important steps in that direction.

All YouTube Videos on an iPod

The work toward getting a single atom to store data involves measuring a property called magnetic anisotropy, which is how well an atom can maintain a specific orientation, representing the one or zero used in digital storage. The company said that, before the new breakthrough, no one had been able to successfully measure the magnetic anisotropy of individual atoms.

To understand how much storage capacity that could mean, it would be best if you were sitting down. IBM said that storing data on small clusters or individual atoms could mean that almost 30,000 feature-length movies, or all of the millions of videos on YouTube, could be stored on a device the size of an iPod.

"We are now one step closer to figuring out how to store data at the atomic level," said Gian-Luca Bona, an IBM manager of science and technology.

Speck of Dust

In addition to highlighting the storage breakthroughs, the researchers pointed the way to enormous processing power in extremely small sizes by developing a single-molecule switch that "can operate flawlessly without disrupting the molecule's outer frame."

Keeping the outer molecule intact is a critical advance of the new research. Among other things, it enabled researchers to use atoms inside one molecule to switch atoms in another, nearby molecule -- a basic logic switch. Earlier research at IBM and other labs has been able to switch inside single molecules, but it always changed their shape -- something you don't want to do if you're building logic gates or memory elements.

If single-atom storage didn't take your breath away, consider submolecular switches as the basis for logic gates and electrical circuits. IBM said some researchers speculate that such miniaturization could mean computer chips as small as a speck of dust.

While shopping for the fastest new piece of dust on the market is still some years away, researchers are moving on to the next step for the switches -- building a circuit, and then figuring out how to create a chip.

World Now Has Four Billion Phone Lines

The increase in phone use has been especially strong in developing countries that have been able to provide cellular phone service to tens of millions of people much more cheaply than having to wire up homes and offices for fixed-line telephones. As a result, 61 percent of the world's mobile subscribers are in developing countries.

Largely because of the mobile phone boom in developing countries, telephone service has quadrupled in the past decade to 4 billion lines worldwide, according to a report Tuesday from the U.N. telecommunications agency.

The International Telecommunications Union counts 1.27 billion fixed lines and 2.68 billion mobile accounts. The total number of people represented by those figures is unclear because many people, particularly in industrial countries, have both kinds of service.

The increase has been especially strong in developing countries that have been able to provide cellular phone service to tens of millions of people much more cheaply than having to wire up homes and offices for fixed-line telephones.

As a result, 61 percent of the world's mobile subscribers are in developing countries, the ITU said. China and India, for example, together added almost 200 million mobile subscribers to the global total in the first three months of this year.

In 1996 there were fewer than 1 billion fixed-line and mobile phone subscribers altogether. Fixed-line subscriptions have grown slowly since then, but mobile has taken off, showing "spectacular success," said Doreen Bogdan-Martin, one of the report's authors.

The report also said more than 1 billion people in the world use the Internet.

Although the least developed countries lag in telecom service, growth is picking up in Africa, thanks to advances in technology that enable broadband connections over mobile phones.

Improved access is also coming in what the telecommunications industry calls "next-generation networks" -- using either fixed or mobile connections to offer services including television and inexpensive voice-over-Internet long-distance. But the report said countries may need to change their regulatory requirements if the benefits of newer networks are to be realized.

"In many countries, licensing practices would prohibit operators from offering a popular 'triple play' of voice, broadband and (Internet-based TV)," said Susan Schorr, chief author of the report.

Big Blue Joins Forces with OpenOffice.org

IBM's commitment to ODF might actually represent a greater blow to Microsoft's ambitions than Redmond's recent defeat in an ISO vote that would have put Open XML on the fast track for becoming an international standard for documents. But IDC's Per Anderson said he believes Microsoft's ISO setback is minor with respect to the private sector.

IBM said it is joining the OpenOffice.org community to collaborate on software development for the Open Document Format (ODF), an ISO standard that governs the creation, storage, and exchange of documents.

Mike Rhodin, general manager of IBM's Lotus division, said IBM expects the collaborative effort to "provide tangible benefits to users of OpenOffice.org technology around the world" through the creation of "an even broader range of ODF-supporting applications and solutions." He said that by leveraging OpenOffice technology in its own software products, IBM hopes "to deliver innovative value to users of IBM products and services."

OpenOffice.org marketing project lead John McCreesh welcomed IBM's future commitment to package and distribute new works that leverage the OpenOffice.org technology supporting ODF. "ODF is a once-in-a-generation opportunity for the I.T. industry to unify round a standard, and deliver lasting benefit to users of desktop technology," McCreesh said.

Improving Accessibility

Initially, IBM will be contributing the code that it has been developing as part of its Lotus Notes software product, which includes accessibility enhancements that just might help OpenOffice.org reach parity with what rival Microsoft currently offers handicapped workers through its Office business productivity suite.

Accessibility is still a huge issue, especially with governments, noted Gartner Client Computing vice president Michael Silver. "There were a lot of eyes on accessibility during the development of OpenOffice.org version 2 and the improvements were big, but not sufficient for many," Silver explained.

Silver said he thinks IBM should have become an official part of the OpenOffice effort long before now. Still, "having IBM's help with this will surely help OpenOffice.org," he said.

Rhodin indicated that, over the long haul, IBM would be dedicating software engineering resources that would be making ongoing contributions to the feature richness and code quality of the ODF-based productivity suite. The collaboration effort might be just what OpenOffice.org needs to encourage more organizations worldwide to embrace its ODF-based technology.

Emphasis on Pragmatic Issues
"ODF has been an ISO standard for some time now, but adoption is still very slow," said IDC Nordic Group managing director Per Anderson. "There are a limited number of companies and organizations looking at ODF, and most of them are just considering it."

By contrast, IDC's latest survey shows that several companies and organizations are actively implementing Microsoft's competing Open XML format, particularly in Europe. "Our recent survey shows that commercial companies put more emphasis on pragmatic issues like long-term document viability and backwards compatibility rather than whether the standard is a formal open standard," Anderson explained.

IBM's commitment to ODF might actually represent a greater blow to Microsoft's ambitions than its recent defeat at the ISO in a vote that would have put Open XML on the fast track for becoming an international standard for documents.

Anderson said he believes the ISO setback is minor with respect to the private sector. "It could be slightly more significant in the public sector, but this will be dependent on the ISO's next voting round," Anderson explained.

Nevertheless, a considerable number of obstacles to ODF's adoption still need to be addressed. "What will help will be the potential results, not just having the IBM name in the mix," Silver said.

10 Great SEO Tips

There was a time when companies could simply boot up a Web site and their content would immediately begin showing up in various search engines. For better or worse, those days are long gone. To have content displayed, corporations need to understand what the search engines are looking for and then provide it to them. If one company does not want to do that, a competitor certainly will.


As evidenced by the phenomenal success of Google (Nasdaq: GOOG), search has evolved from an interesting sideline into a primary function for many, if not most, Internet users. Consequently, more and more companies are putting content up on their Web sites to attract the attention of search engines.

"You can have really great information on a site, but if a potential customer can't find you, what good is it?" asked George Aspland, president of eVision.

Chances are that most times a person won't find the company. If a user types in a simple query today, tens of thousands, millions and even billions of results come pouring back in an instant. In most cases, a user will sift through a couple of pages -- basically a few dozen links -- and either re-enter the query or give up the search in disgust.


Those First Few Pages
Consequently, companies are trying to make sure that their sites show up on those first few pages. In response, a booming cottage industry creating search engine optimization (SEO) specialists has emerged. What follows are five tips from such experts that a company can use to increase the likelihood that its name will pop up quickly.


1. Keep tabs on search engine rules. The search engine vendors would like to make it easier for themselves to collect information. Consequently, they have devised Web page design guidelines that help their software index new Web pages.

"The search companies expect to see basic items, such as a site map, so their Web crawling software -- as well as your customers -- can find information on different pages," George Chaney, president of SEO King, told TechNewsWorld.

Repetition is another item that these vendors value. "Keywords belong in page titles, image names, headlines, body content and links," Todd Follansbee, vice president at Web Marketing Resources, told TechNewsWorld. In certain cases, following this guideline may diminish the graphical appeal of a page or break business writing rules, but that is a price a company has to pay to be displayed on those first few search pages.

2. Pay special attention to the title of a page. Search engines list a company's title at the top of search results, so it is not surprising that they examine titles carefully. An obvious item -- but one sometimes overlooked -- is that companies need to put titles on all pages, not just main entry points on their Web site. Also, corporations need to be direct, rather than clever, when crafting their titles because the Web crawling software does not have a sense of humor.

Brevity is an important consideration with regard to the title -- the search engines want companies to limit text to less than 80 characters, which translates to one short sentence. All caps should be avoided because they detract from, rather than enhance, reading comprehension.

3. Label graphical content. Increasingly, companies are putting more graphical and video elements on their Web sites. "Currently, most search engines are not able to understand and rank thumbnail pictures and video content," Andrew Frank, a research vice president at Gartner (NYSE: IT), told TechNewsWorld.

Since they cannot understand the information, they simply pass on indexing it -- although their algorithms are getting better at working with such information. If a company has a number of these items, there are alternative tags that can be used to describe them. When a company uses one of these tags, it should include keywords in the text and clearly label the item. Generic descriptions, such as pix1, and abbreviations should also be avoided because search engines do not value them highly.

4. Support link exchanges. Search companies have taken on the communal characteristics found in the Internet. If a number of other sites link to a company's Web page, then the engines give it more credence. "Companies should include link bait, phrases or pages on Web site that others can use to link to it," eVision's Aspland told TechNewsWorld. Also, a company can search for sites similar to its own, contact the creators and build a new community. Another option is to join a webring, a string of linked sites dedicated to a certain topic. There are plenty of them on the Web, and more arising daily.

5. Be prepared to tweak Web content consistently. Search companies, such as Google, determine which items to display by relying on ranking algorithms, formulas they have developed that decide which Web pages best match each user's query. With the dynamic nature of the content and the vendors' desire to deliver the best page out of millions and billions of possibilities, these algorithms are constantly being scrutinized.

Daily, vendors' engineers work busily to make them more precise. After undergoing a test phase, changes are put into production. No one knows when this occurs -- observers expect it at least once every three months -- because companies like Google never announce them. The only time it becomes clear is when a company's page rankings change dramatically. Consequently, firms need to track their rankings and make changes when they are needed.

Garnering the attention of the search engine vendors requires a delicate balance. While there are some steps that companies can take to improve their ranking, there are other items that lower the company's search rankings, and can even result in them being blacklisted in some cases. Consequently, they need to maintain a proper balance.


Search engines have taken on the role of parents doling out rewards as well as punishment to companies building Web sites. The punishment comes from two sources. For one, the search engines are flawed, often unable to work with various types of information.

"At one time, search engines could not make sense of PDF data, but that was one shortcoming that the vendors were able to overcome," said Andrew Frank, a research vice president at Gartner (NYSE: IT).

The other set of problems comes from companies bending -- and in many cases, knowingly breaking -- rules in order to have their results displayed more prominently. "Because of the high stakes involved in search, scams have become rampant in the industry," George Chaney, president of SEO King, told TechNewsWorld.


Avoiding the Punishment
Part 1 of this two-part series features five tips on how a company can increase the likelihood that its name will pop up quickly and high on search pages.

What follows are five steps that a company can take to avoid being punished by search engines:


6. Submit Web pages to search engines judiciously. When the Internet was first booming, search vendors had rudimentary techniques to identify new Web pages. Consequently, they often appreciated it when companies submitted new Web pages to them.

Much has changed in the past few years. If a company puts a new page up, a search engine will find it. That statement assumes that a corporation has made other groups aware of its site. When it puts up a new site, a firm needs to register itself with a domain name services provider so the page makes its way into the Internet's global network index.

If a company is nervous, wants to be on the safe side, and decides to submit its content to a search engine, that step should only be taken once. If it is done repeatedly, the search engines may deem the material as spam and blacklist it, removing the site from all search mentions.

7. Make sure Web links lead somewhere. Links to other sites help a company gain a higher site rating, so many sites have them. However, search engine suppliers will periodically check to make sure a link is working, so companies have to make sure that their referenced content has not moved or been taken offline.

Some unscrupulous companies have pushed the idea of embedded links a bit too far. They include bogus Web links on their pages in order to generate higher site ratings. While there is a link, it leads to a blank page in some instances or in other cases will circle back on itself -- thereby creating an infinite number of links. Search engine vendors are not particularly fond of such links and blacklist sites known for them.

8. Minimize use of Flash. Flash is a programming tool used to add video-like animation to a Web site. These animations are small programs that can be embedded into HTML pages and provide cool visual effects, often close to video.

"While Flash can be compelling, it is not something that search engines can easily recognize and categorize," Gartner's Frank told TechNewsWorld. Consequently, many search engines do not read or catalog any Flash content. If a company wants to use Flash, it needs to make sure that similar textual content is available so search engines can work with the data.

9. Do not react to every algorithm change. The search engine vendors are constantly trying to fine tune their algorithms and make them more accurate. "A company can drive itself nuts reacting to each change that the search vendors make," George Aspland, president of eVision, told TechNewsWorld.

After they make a change, search engine vendors then examine how well it works. In certain instances, the change hurts rather than helps the company deliver appropriate content to users. As a result, the search engine company will pull the change and go back to its original algorithm. Rather than rush back and forth through such exercises, it is better for companies to wait about three or four weeks after noticing a change before making their own alterations.

10. Limit use of pop-ups. Pop-ups have become items that help companies gather information quickly and effectively. These items are still associated with spamming sites, so search engines flag sites with excessive numbers of pop-ups as spammers. In designing a Web site, a company should limit the number of pop-ups.

Garnering the attention of the search engine vendors requires a delicate balance. While there are some steps that companies can take to improve their ranking, there are other items that lower the company's search rankings, and can even result in them being blacklisted in some cases. Consequently, they need to maintain a proper balance.

Microsoft Introduces New Breed of Portable Mice

Microsoft struck again in the consumer hardware space Wednesday, rolling out new hardware with special emphasis on notebook computers. Two new mice are focused on laptop use, and one of the new webcams the company unveiled is designed for notebooks as well. One of the mice features Bluetooth connectivity, while the other has a transceiver containing a 1 GB thumb drive.

With its eye on notebook users and photo-sharing fans, Microsoft (Nasdaq: MSFT) on Wednesday rolled out three new wireless mouse products and two new webcams.

First, citing increasing U.S. retail notebook PC sales, Microsoft unveiled the Bluetooth Notebook Mouse 5000 and the Wireless Notebook Laser Mouse 7000, both designed to make notebook computing more productive and to reduce touchpad fatigue.

"These additions to our product line showcase how Microsoft delivers the tools that match consumers' computing needs -- providing comfortable tools for the growing number of notebook users to get the job done on the go," said Ivan Meljac, product marketing manager for Microsoft hardware. "The Hardware Group focuses on ease of use, and these mice are no exception, with simple, quick and reliable wireless connections."

Bluetooth-Ready
The Bluetooth Notebook Mouse 5000 is designed to work seamlessly with Bluetooth-ready computers without the need for any external transceiver or extensive setup process. High-Definition Laser Technology is designed to provide smoother tracking, more responsiveness and better precision, Microsoft said.

The Wireless Notebook Laser Mouse 7000, meanwhile, features a shape based on that of the best-selling Microsoft Wireless Notebook Optical Mouse 3000. It offers 2.4GHz wireless, a snap-in transceiver and instant access to the Windows Vista Flip 3D feature, which lets users flip through open windows and quickly switch among applications.

The Bluetooth Notebook Mouse 5000 will be available in October, while the Wireless Notebook Laser Mouse 7000 will be widely available in September; both will have an estimated retail price of US$49.95.

Built-In Memory
Next, the Microsoft Mobile Memory Mouse 8000 is the industry's first rechargeable notebook mouse with 1 GB of flash memory built right into the transceiver, Microsoft said. The single transceiver is a three-in-one tool that lets users simultaneously work wirelessly, save important files and recharge the mouse without sacrificing performance -- all through one USB port.

"With the continued rise in notebook sales, there is a huge demand for smart peripherals that help mobile users get their work done more efficiently, and the Mobile Memory Mouse 8000 combines three key tools into one stylish device," said Matt Barlow, worldwide director of marketing and partner development at Microsoft hardware.

"Adding a gigabyte of memory to the mouse transceiver is truly a computing milestone," Barlow added. "We've packed more memory into the transceiver than an entire computer had 25 years ago."

With magnetic charging and the option to connect via either Bluetooth or 2.4GHz wireless, the Microsoft Mobile Memory Mouse 8000 will be widely available in October for an estimated retail price of $99.95.

Sharing Photos
Finally, Microsoft's two new webcams include a desktop unit, the LifeCam VX-7000, and a notebook unit, the LifeCam NX-3000. Both connect to Photo Swap, a feature that allows consumers to share digital photos with friends and family and see their reactions in real time, and both work closely with Windows Live Messenger.

"The Photo Swap feature is a perfect illustration of what a video call should be about: keeping in contact with loved ones, sharing memories and having fun," said David Fortin, senior director for consumer product management at Windows Live.

Both LifeCams will be widely available in September. The VX-7000 will have an estimated retail price of $99.95, while the NX-3000 will be $59.95.

Sleepy Mice?
Bluetooth technology has some "inherent problems that make it painful to use," Rob Enderle, president and principal analyst with Enderle Group, told TechNewsWorld.

While each generation of Bluetooth peripherals gets better, "traditionally Bluetooth peripherals have had fairly serious problems with regard to latency," he explained. "The mice are better than the keyboards, but the problem is they tend to go to sleep."

Proprietary products tend to be better than Bluetooth ones, Enderle added.

"The issues are declining, but if I have a choice, I probably wouldn't pick Bluetooth, especially for a keyboard or mouse."

The Port Crunch
The addition of storage in the Microsoft Mobile Memory Mouse 8000, on the other hand, is "a nice value-add," Kurt Scherf, vice president and principal analyst with Parks Associates, told TechNewsWorld.

"Laptop sales are overtaking desktop sales, and in a lot of homes the laptop is the first computer of choice," Scherf said. "I think this is an interesting idea, and a gig is a pretty robust amount of storage in terms of a flash device."

There's a convenience factor as well, Scherf added, in reducing the number of flash drives mobile consumers need to keep in their pockets.

Good Value
Finally, sharing photos is one of the primary reasons people use home computers and the Internet, Scherf noted, so by rolling out the new webcams, "Microsoft is delivering a blended experience."

The webcams may have a hard time competing with rival offerings, particularly those from Logitech, Enderle noted. For the price, however, "Microsoft's products are a good value, with good quality that works well out of the box," he said.

Indeed, Logitech is "the company to beat" in the peripherals market, Roger Kay, president of Endpoint Technologies, told TechNewsWorld.

"Mice, keyboards and cameras are the main peripherals for PCs, and even though the markets are static, they're large and can't be ignored," Kay added. "Microsoft has to keep updating to stay competitive."

Social Networks: Eying a Baby Boomer Bonanza

"What we've heard loud and clear from Boomers is that while they do want information, they do want resources, what they really want to be able to do -- and what the Internet is perfect for -- is letting them connect with each other," said Linda Natansohn of Eons. "That's where we've found a sweet spot in the market, where there has been a great unmet demand."

There are an estimated 44 million Baby Boomers roaming the Net, and legions of marketers looking for ways to reach them. That's because, as a target market, Boomers have what it takes to make hucksters salivate: money.

"It's a generation with wealth -- (US)$2 trillion in disposable income -- and they have an incredible appetite to keep connecting, to keep learning and to keep graduating to new things," Linda Natansohn, senior vice president for strategic development for Eons in Boston, told TechNewsWorld.

Eons was one of the first Web developers to go after Boomers by creating an online social network for them -- a sort of "Facebook with wrinkles," as Matt Richtel, of The New York Times, put it.

"Boomers have been using the Internet, but they've been nomadic," Natansohn observed. "Until now, there hasn't been a destination created for them, which is what we set out to do when we created our company in 2005."

Venture Money
Since that time, Boomer-oriented Web sites have mushroomed, and the coffers of venture capitalists, looking for the next MySpace, have opened to them.

This month, for example, VantagePoint Ventures reportedly led a $16.5 million round of financing for Multiply. Last month, Shasta Ventures led a $4.8 million round for TeeBeeDee, a site just coming out of testing.

Despite the enthusiasm of the money people, there are skeptics of the idea of bringing MySpace-style social networking to online Boomers.

Dire Prediction
"In our surveys and in our research, we see that Baby Boomers are much less likely than teenagers, for instance, to participate in social networks," Mark Best, an analyst with JupiterResearch, told TechNewsWorld.

He acknowledged, however, that "whether that's because the social networks are marketed toward teenagers or Baby Boomers are not interested in using a social network, that's up in the air."

Chuck Nyren, author of Marketing to Baby Boomers, published by Paramount Books, and principal in the Nyrenagency, of Snohomish, Wash., made a dire prediction about Boomer social networking sites.

"This is all going to cave in soon," he told TechNewsWorld. "I don't think people over 45 or 50 are that much into virtual socializing unless it's around a specific topic, like travel or health."

Money Worth Grabbing
Needless to say, Natansohn disagrees.

"What we've heard loud and clear from Boomers," she said, "is that while they do want information, they do want resources, what they really want to be able to do -- and what the Internet is perfect for -- is letting them connect with each other.

"That's where we've found a sweet spot in the market, where there has been a great unmet demand," she added.

That demand was allowed to go unmet because online Boomers were able to evade the crosshairs of marketers for a long time, maintained Terry Cochran, president of A2 Multimedia, of Ann Arbor, Mich., which counts in its stable of Web sites Boomernet, launched in 1995.

"There are certainly more sites today than when we started Boomernet," he told TechNewsWorld. "That's because more people finally decided that the Boomers have money that's worth trying to grab. They were ignored for a long time."

Untested Reasoning
Boomer networking sites are afflicted with the same problem that's plagued all social networking sites, Cochran noted.

"I don't know that anybody has actually done well monetizing that market yet," he said. "I don't know if there's any economic success there yet for anybody, as far as I can tell."

In the minds of marketers, unlike teenagers, who tend to be fickle and financially challenged, Boomers are creatures of habit and flush with wealth, so if they're herded into a social networking site, they should be fat for slaughter.

That reasoning remains untested, though, according to Cochran.

"I don't know that there's been some special result proven so far that even though Boomers have the bucks, that they're willing to spend them any more than any other demographic would," he observed.

Chipmakers Lock Arms to Create Cell Phone Standards

Nokia, Sony, Texas Instruments and four other global chipmakers reached an accord Friday wherein each will cooperate with an industry organization to create an industry standard for cell phone chips. The new specification is dubbed Universal Flash Storage. The target performance level is expected to be a significant advancement beyond that of the various flash cards popular today.

Seven major global chipmakers have reached an agreement to cooperate with an industry association to create an industry standard for chips used in cell phones and digital cameras by 2009.

This is a major step towards industry-wide efforts to harmonize various technology standards and reduce inconvenience for consumers.

Open Standards
In a joint statement released on Friday, the seven chipmakers -- Micron Technology (NYSE: MU), Nokia (NYSE: NOK), Samsung Electronics, Sony (NYSE: SNE) Ericsson (Nasdaq: ERICY), Spansion, STMicroelectronics and Texas Instruments (NYSE: TXN) -- said that they would support the creation of a far-ranging industry specification for removable memory cards and embedded memory solutions under the leadership of the JEDEC Solid State Technology Association (JEDEC), a leading open standards organization in the semiconductor industry.

The new specification is dubbed Universal Flash Storage (UFS), which is designed to meet the industry's need for a universal memory solution with higher memory capacities and performance.

Fast Downloads
The UFS will provide a "revolutionary leap" in the industry's efforts to develop next-generation semiconductor chips that support very low access times required for memories, enable high-speed access to large multimedia files, and reduce power-consumption in consumer electronic devices, they said in the statement.

The target performance level is expected to be a significant advancement beyond that of the various flash cards popular today.

With the new technology standard, users can access a 90-minute high-definition movie within a few seconds compared with three minutes at present.

Google Puts Its Money on the Moon

Google has created the Google Lunar X Prize, a $30 million contest to fly to the moon. "The Google Lunar X Prize calls on entrepreneurs, engineers and visionaries from around the world to return us to the lunar surface and explore this environment for the benefit of all humanity," said Peter H. Diamandis, chairman and CEO of the X Prize Foundation.

Less than a month after it launched Sky in Google Earth with astronomical images from around the universe, Google (Nasdaq: GOOG) announced on Thursday that it is taking its space fascination a step further by sponsoring a contest to fly to the moon.

Offered in partnership with the X Prize Foundation, best known for the US$10 million Ansari X Prize for private suborbital spaceflight, the Google Lunar X Prize is offering $30 million in prizes to private companies that can land a robotic rover on the moon, roam the surface, and transmit data back to Earth. The goal is to challenge and inspire engineers and entrepreneurs to develop low-cost methods of robotic space exploration, Google said.

"The Google Lunar X Prize calls on entrepreneurs, engineers and visionaries from around the world to return us to the lunar surface and explore this environment for the benefit of all humanity," said Peter H. Diamandis, chairman and CEO of the X Prize Foundation. "We are confident that teams from around the world will help develop new robotic and virtual presence technology, which will dramatically reduce the cost of space exploration."


Three Prizes
The $30 million prize purse is segmented into three components. To win the $20 million Grand Prize, a team must successfully soft-land a privately funded spacecraft on the moon, rove on the lunar surface for at least 500 meters, and transmit a specific set of video, images and data back to Earth.

The $5 million Second Prize will be awarded to a team that can land a spacecraft on the moon, rove and transmit data back to Earth.

Bonus prizes will be awarded to teams that successfully complete additional mission tasks such as roving distances longer than 5,000 meters; imaging man-made artifacts on the moon, such as hardware leftover from Apollo; discovering water ice; or surviving through a frigid lunar night, which lasts approximately 14.5 Earth days.

After Dec. 31, 2012, the Grand Prize will drop to $15 million until Dec. 31, 2014, at which point the competition will be terminated unless extended by Google and the X Prize Foundation. The second place prize will be available until the end of 2014, unless extended.

Lunar Potential
Twelve men explored the moon in the 1960s and 1970s, culminating with the mission in 1972 by Apollo 17. By launching this new challenge, Google aims to begin "Moon 2.0," the next phase of lunar exploration -- and "this time we will go to the moon to stay," it said. Possible benefits of lunar exploration include solutions to environmental problems such as energy dependence and climate change, the company added.

"Why does Google love space? Well, for one thing, we just think it's cool," wrote Alan Eustace, senior vice president of engineering, on the official Google blog. "More seriously, space exploration has a remarkable history of producing technological breakthroughs, from ablative heat shields and asteroid mining to invisible braces and Tang; the X-Prize, too, could lead to important developments in robotic space exploration, a whole host of new space-age materials, precision landing control technology, and who knows what else.

"Finally, we hope the contest will help renew public interest in fields like math, engineering and computer science, especially among the young people on whom we'll all be depending to tackle tomorrow's technical challenges, whether they're on the web or among the stars," Eustace said.

Global Participation
"Having Google fund the purse and title the competition punctuates our desire for breakthrough approaches and global participation," Diamandis said. "By working with the Google team, we look forward to bringing this historic private space race into every home and classroom. We hope to ignite the imagination of children around the world."

Strategic alliances involved in the competition include Space Exploration Technologies (SpaceX), which is offering competing teams an in-kind contribution and is the first preferred launch provider for this competition; the Allen Telescope Array, operated by the SETI Institute, which will serve as a preferred downlink provider for communications from the moon to the Earth; the Saint Louis Science Center, which serves as the Foundation's official education partner; and the International Space University, based in Strasbourg, France, which will conduct international team outreach and facilitate an unbiased judging committee.

"This may help some existing commercial lunar projects get funding," James Oberg, a retired rocket scientist who is now an author and full-time media consultant, told TechNewsWorld. "It may help Russian commercial launch services, too -- the Dnepr (rocket) looks about the right size for this kind of payload, and it's a bargain."

'Definitely Interested'
Indeed, at least one private commercial space company is already interested.

"This is a great program, and last night I sent a request for information about how to submit a team," Geoff Sheerin, president and CEO of PlanetSpace, told TechNewsWorld.

PlanetSpace is in the process of building an orbital vehicle, and plans to make space flight available to the public within 24 months. "We're definitely interested," Sheerin said.

A Daunting Challenge
Potential benefits aside, though, the challenge is a daunting one, Paul Czysz, professor emeritus of aerospace engineering at St. Louis University, told TechNewsWorld.

"If you want to put one pound of rover on the moon, it will cost you roughly 210 pounds of rocket on Earth to get it off the ground," Czysz explained. "What that means is that even a small rover will take a pretty big liftoff mass here, and it has to be staged," so that pieces are jettisoned one by one.

Vehicles traveling to the moon can either orbit it first, as U.S. missions have done, or they can make a direct shot and land immediately, Czysz added. Both approaches have pros and cons, but one challenge either way is that any vehicle must not only get close to the moon, it must also be able to slow down and land in one piece so that the roving and data transmission can be done.

Orbiting the moon first allows a more precise selection of a landing site, but even then, human navigation has historically been needed, Czysz said. "When Neil Armstrong did the first landing, he was heading toward the edge of a crater and had to manually re-fly to be able to land on something flat," he explained. "It's really quite an issue -- if you're not careful, you might end up at the bottom or on the edge of a crater."

The Right Stuff
Robotic vehicles that compete in the Lunar X Prize won't have the benefit of human intervention, he noted.

The cost of success, Czysz estimates, will come in at a minimum of $300 million, far outweighing the value of the resulting prize.

What will it take to make it happen? "A bunch of people who are driven to experiment and to try things that other people say can't be done," Czysz concluded.

In other words, with the right stuff, it just might happen.

MS to Users: You Can't Handle the Truth

One might think that turning off the feature that allows Windows Update to automatically download and execute new patches would, in fact, disable automatic updates. Apparently, one would be wrong. This behind-the-back updating, said Microsoft, is necessary in order to avoid misleading customers. Some users found it rude, and others said it could even potentially upset criminal cases.

Users of Microsoft's (Nasdaq: MSFT) Windows operating system may be surprised to learn that Microsoft has been secretly updating their PCs even after they've activated a feature that seemingly prevents automatic updates.

So far, discovery that Microsoft is changing code on users' PCs without their knowledge is limited to a single program -- the Windows Update program that goes online to check for, and initiate the download of, other Windows updates.

"The upshot is that a longstanding procedure in Windows Update requires it to self-update before it is able to recognize that new updates are available," noted Nick White, a Microsoft product manager, on the Microsoft Windows Vista Blog.


"This self-updating is done regardless of whether the user has enabled automatic checking, download and/or installation of updates. It does so in an effort to avoid WU misleading the user to think s/he is up-to-date simply because s/he was not receiving notification that updates are available," he wrote.

For more detail, White pointed to a post from the Microsoft Update Product Team Blog, where Nate Clinton, Microsoft's Windows Update program manager, failed to offer any true technical reason Microsoft couldn't let end users manually start a Windows Update process on their own, at their own discretion.

"Had we failed to update the service automatically, users would not have been able to successfully check for updates and, in turn, users would not have had updates installed automatically or received expected notifications," he wrote.

For tech professionals, Microsoft's explanation may ring hollow. It may be easier for Microsoft to automatically update Windows Update, but it is by no means the only technical way to get the job done.

Truth and Consequences
While the practice of secret automatic updates may seem relatively benign, it can have severe consequences.

"The most concerning part of this is the potential for instability within in your environment. Historically, we've had problems with patches from Microsoft in the past where they would break things," Paul Henry, vice president of technology evangelism for Secure Computing, told TechNewsWorld.

"Within the enterprise space, most customers don't automatically update -- they prefer to user a lab environment to test the updates to make certain they don't break anything. That's been taken away from us with Microsoft treading down this path of automatic updates. Personally, I find it rather frightening," he explained.

Potential for Havoc
Even if a Microsoft update doesn't break an application, it can have far-reaching ramifications outside of the PC's plastic case.

"I know a great many people are concerned -- I have friends in the forensic community that are very concerned that an update could make a change to a platform that is being used in a forensic investigation that could potentially alter the outcome of that investigation," Henry said. PCs used in forensic investigations must be very tightly controlled so that no evidence can be altered, and even a possible opening for such alterations could compromise the use of the evidence in a criminal case.

"Some people in law enforcement are now considering blocking access to Microsoft's update servers to prevent this in the future," Henry noted.

Public Awareness
The biggest issue with the update seems to be that Microsoft didn't provide a clear public notice of how the update process works, leading to uncertainty about how it may be used in the future.

"I think what people are fearing is that, if you read Microsoft's license agreement very carefully, Microsoft retains the right to automatically update their code," Henry explained. "Today, Microsoft is updating the update program itself -- tomorrow are they going to be updating my operating system?"

More Faux Pas Than Tech Problem?
"Personally, I don't think it's inappropriate for Microsoft to keep Windows Update updated so that it continues function," Stephen O'Grady, an industry analyst for Redmonk, told TechNewsWorld.

"What is inappropriate is to not be overly transparent in logistical terms, because customers that have chosen non-automatic updating should not be surprised in this fashion," he said.

Most distributions of Linux, O'Grady said, automatically update themselves too. "My Ubuntu [installation], for example, keeps itself updated," he said.

Could a user turn it off entirely?

"Certainly," O'Grady said. "Like most things in Linux, updating is configurable. But out of the box, it keeps itself updated. The difference is that most users are inclined to trust Linux distributions further than Microsoft because there are no licensing or DRM issues involved."

Sun, Microsoft Forge IT Detente

Once bitter enemies, Microsoft and Sun Microsystems are getting friendly -- or at least becoming business allies. Sun has agreed to distribute Microsoft Windows Server on its hardware. The companies also agreed to work together to develop virtualization tools to make Windows Server and Solaris work together on the same machines.

Sun Microsystems (Nasdaq: JAVA), the company whose former CEO used to denounce Microsoft (Nasdaq: MSFT) as often -- and as sarcastically -- as possible, is now selling Windows.

The Santa Clara, Calif., IT pioneer has signed on to become a Windows Server OEM (original equipment manufacturer), meaning it will install Microsoft Windows Server 2003 in its hardware running on x64, 64-bit architecture.

Additionally, Microsoft and Sun jointly said they will collaborate "to further enable deployment of Windows Server on Sun x64 systems" and to work jointly on virtualization technologies that support interoperability of their products.


Road to Recovery
Sun, still recovering from being crushed by the Internet bubble's burst, has embraced a more cooperative approach to dealing with its competitors. The current deal with Microsoft is an expansion of a landmark 2004 cooperation agreement between the companies.

In the new agreement, not only will Sun offer Windows Server on its x64 hardware but it said it will also provide "additional utilities and value-added software offerings to server systems carrying Windows Server." Sun will make Windows Server 2003 available on Sun x64 systems within about three months.

Microsoft "recognizes Sun's compelling x64 server and storage products in the market today," the company said. The companies agreed to continue testing and validating the Windows platform on the Sun systems "for scale-up enterprise computing."

Expanded Net TV Alliance
The companies also announced an expansion of their Internet Protocol Television (IPTV) partnership. They said they will continue collaborating to advance deployment of the Microsoft Mediaroom IPTV and multimedia platform on Sun servers and storage systems.

The deal is an example of Redmond's commitment to 64-bit computing, said Bob Muglia, Microsoft's senior vice president of the server and tools division. Sun's hardware "is an excellent foundation for Windows-based enterprise solutions, such as Microsoft Virtual Server, Microsoft SQL Server, Microsoft Exchange Server and Microsoft Internet Protocol Television Edition," he said.

The agreement will give Microsoft's customers additional choices, Muglia noted.

Both Are Leaders
Sun's current more cooperative business approach is part of its goal to be a one-stop shop for enterprise technology. "Sun is now a single source for today's leading operating systems -- Solaris and Windows -- on the industry's most innovative x64 systems and storage products," said Sun Systems Group Executive Vice President John Fowler.

Sun's customers can now "take advantage of the virtualization benefits" of both Windows and Sun's Solaris operating system on Sun's x64 systems, Fowler said. He suggested that Microsoft's willingness to partner with Sun amounts to recognition of the "superior system design at the heart of our product portfolio."

New Opportunities
News of the agreement was welcomed by some in the business of selling Sun products, including Mike Thompson, president and CEO of Groupware Technology, a Campbell, Calif., technology solution provider.

"I think it's great," Thompson told TechNewsWorld. "It's going to create new opportunities for us."

It's important for Microsoft and Sun to acknowledge that many enterprises want to pair their products, Thompson said. "Formalizing the relationship, in essence, makes it more appealing to customers because they know that they will have support," he said.

Burying the Hatchet
For some veterans of the Sun/Microsoft battles, it's a strange new world, but one they applaud.

Laura Hughes, president of Jooven8 Marketing and Consulting, worked almost 10 years as marketing director for MOCA, Sun's main distributor. She clearly recalls some of former Sun CEO Scott McNealy's sharp-tongued taunts of rival Bill Gates.

"It used to be that Scott McNealy couldn't give a speech without bad-mouthing Microsoft," said Hughes. "It's refreshing to see the teaming approach with a common goal in place. Sun and Microsoft are the leading innovators in the technology space. Formalizing a relationship in the server space makes sense and will further propel their ability to innovate as a team. This is a positive move for all of us."

Dare to Hack an iPhone?

Remember when the iPhone was first released? In those olden days of three months ago? There were all those lists, circulating on the Web, of features that people wished had been included in the iPhone. Those lists may not yet have shrunk to zero, but the currently available hacks have substantially shortened them. That's in less than 3 months from iPhone's release.

In the classic scene from "Marathon Man," an ex-Nazi dentist (played by Laurence Olivier) menacingly asks Dustin Hoffman (who is strapped to a chair): "Is it safe?"

It's the same question being asked these days by a growing number of iPhone users. Unlike Olivier, these users have no evil motive behind the question. Instead, they simply want to know: Is it safe to hack my iPhone? Do I need to worry about losing my data or damaging the phone so that it no longer works? Must I first take a course in programming or Unix before I can perform the necessary surgery?

Answering iPhone hacking questions is a bit like trying to take a photograph of a race car while it zooms by at 200 m.p.h. By the time you press the button to snap the shot, the car is gone. That's how fast the world of iPhone hacking is changing. Still, I can now offer a definitive answer to the "Is it safe?" question. The answer is "Yes."


Easier by the Day
To be clear, by hacking, I mean modifying and customizing your iPhone so as to add to its capabilities. I am not talking about hacks that involve breaking into someone else's iPhone.

If this column had been written two months ago, I would have advised not to even attempt hacking your iPhone, unless you were familiar with Unix and/or did not worry about potentially turning your iPhone into a paperweight. Even so, I would have said it wasn't worth the risk or effort. It would likely take you at least several hours to do the needed research, accumulate the "tools" and actually carry out the task. The reward for all this work would have been minimal. There was not much you could do with a hacked iPhone, other than admire your own handiwork.

If I had written this column one month ago, I would have admitted that hacking was now a viable task for mere mortals. Utilities such as iFuntastic removed much of the heavy lifting, such as automating the critical task of jailbreaking (the name hackers gave to the changes needed to gain access to the iPhone from applications other than iTunes). Plus, there were now at least a few useful and fun things you could actually do with a hacked iPhone, such as adding custom ringtones or taking screenshots of your iPhone.

However, you were still required to work in Terminal, changing file permissions and entering other Unix commands. It was easy to make mistakes and the process sometimes failed even if you did it all correctly, even if you had a step-by-step tutorial to guide you (such as this one by Chris Breen and Ben Long).

Regular Rehacks Required
Writing this column today, I can unequivocally state that hacking an iPhone can be easily and safely done by almost any Mac user. You can do it all without ever having to launch Terminal or know a single Unix command. If you feel competent to use Mac OS X utilities such as TinkerTool, you are skilled enough to hack your iPhone. Even better, the number of useful things you can do with a hacked iPhone keeps growing every day. For starters, you can add a Finder-like utility, a launcher, a text editor, an AIM program and a variety of games.

There is only one remaining hassle: Whenever Apple (Nasdaq: AAPL) releases an iPhone software update, the update will initially fail to install. This is because, when the update installer recognizes that system files have been hacked, it refuses to proceed. You can still update your iPhone. However, you will need to do so by restoring your iPhone, rather than merely updating it.

Restoring is a considerably more time-consuming task than updating. You have to resync all your content (including all your music, video, and photos). However, the real kicker is that all your hacking modifications are wiped out by the restore. You have to do them all again. Fortunately, the hacking process is now simple enough that this should not be a big deal. I expect that even this obstacle will be overcome soon, as someone figures out a one-step method to reinstall hacks after an update.

Hacker Beware
The only real "danger" from installing an update is that Apple may include changes designed to prevent existing hacks from working. So far this has not happened, and I expect this to remain the case. My guess is that Apple is content to let the hackers have their fun. It doesn't hurt iPhone sales nor does it affect the vast majority of users who will never consider hacking their phone.

Caveat: There is always a small risk that a given hack will cause some unexpected problem. That's why most hacks include a warning such as "This software comes with absolutely no warranty of any kind. If it should cause any harm to your iPhone or data, we shall not be held responsible." You should take the warning seriously. Still, I know of no instance where a problem has occurred that could not be remedied by restoring the iPhone. Just make sure you have a current sync of your phone before you begin your hacking attempts.

How to Hack
OK. I've convinced you to give hacking a try. How exactly do you go about it? I'm not going to provide a detailed step-by-step tutorial here (it would require another column!). However, here is an overview that should be sufficient to get you started:

The first step is to get a free Mac OS X application from Nullriver Software called AppTappInstaller (sometimes just referred to as Installer.app). Connect your iPhone to your Mac, quit iTunes if it is open, and launch AppTappInstaller. Follow the instructions and, when you are done, an application named Installer will appear among the icons on your iPhone's home screen. Tap it to launch it. From here, assuming you are connected to the Internet, via EDGE or WiFi, you can install virtually any existing iPhone program. Just select what you want from the list of programs Installer provides. At this point, a wired connection between your iPhone and your Mac is no longer required.

One option you will certainly want to install is Community Sources. This adds a wealth of additional software to Installer's list, software not created by Nullriver Software. Next, install a tool such as Launcher, which allows you to access applications beyond the maximum of four icons that you can add to the iPhone's home screen.

If you are at least a bit technically inclined, you will want to add OpenSSH. This will let you use a Mac OS X FTP utility (such as Fetch or Transmit) to transfer files back and forth between your iPhone and your Mac. Doing this also requires that you know the iPhone's IP address (obtained from the WiFi settings section on your iPhone), user name (root) and password (dottie, by default) for the iPhone account. More details regarding these settings are covered elsewhere, such as in the Chris Breen article I cited above.

Dead Simple
After that, start having fun. Choose whatever you prefer from among the ever-expanding variety of games and utilities that are listed. One of the first programs I installed was Dock, a launcher application that (in its latest version) includes an option to take iPhone screenshots and store them in the iPhone's Camera Roll folder.

Should anything you install not work as you expected or if you simply decide you don't want it, you can use Installer's Uninstall feature to remove the software. Installer also automatically notifies you of updates to any software you have installed.

AppTappInstaller is truly the first "killer app" of iPhone hacking. It's the program that has pushed iPhone hacking over the tipping point, where anyone can now do it.

Note: Although I have not had a chance to test this out yet, I expect that these same hacking techniques will work with the new iPod touch. However, some modifications to the software may be needed to work with the likely different firmware on the touch. Stay tuned.

Remember when the iPhone was first released? In those olden days of three months ago? There were all those lists, circulating on the Web, of features that people wished had been included in the iPhone. Those lists may not yet have shrunk to zero, but the currently available hacks have substantially shortened them. From custom ringtones of any music you own to Web-independent games to file transfers, you can do it all. That's in less than 3 months from iPhone's release. Imagine where we will be a year from now. Heck, at the rate things are going, imagine where we will be a week from now.

IT Recruiting in a Web 2.0 World

Companies such as HP that venture deeper into the world of Web 2.0 technologies to find new hires may find themselves disappointed, at least initially. Despite the low turnout the company's Second Life recruitment trial balloon yielded, however, HP's Betty Smith is not deterred. She says she sees a lot of potential for using Second Life for recruiting.

In mid-May, Hewlett-Packard (NYSE: HPQ) participated in a virtual job fair using Second Life tools from Linden Lab in San Francisco. HP had been invited by one of its external recruiters, TMP Worldwide Advertising & Communications in New York. During the virtual event, recruiters and job applicants alike created avatars, or personas to represent themselves in the virtual world.

At least that's how it was supposed to unfold. Four HP recruiters were slated to spend four hours a day on the site for three consecutive days to interview 40-plus applicants. Fewer than 20 avatars showed up, however.

"Some candidates who didn't show turned out to be inexperienced with [Second Life], didn't have their avatars created in time or weren't interested," says Betty Smith, manager of university recruiting for HP in San Diego. Two of those who did take part warranted follow-up interviews, though HP hasn't extended job offers to either candidate yet, she says.


Standing Out
HP's willingness to step into the Web 2.0 world for recruiting differentiates the company. In Computerworld's latest Vital Signs survey, none of the 233 IT professionals responding reported using Second Life for recruiting.

A scant 4 percent said they used blogs or social networking sites like Facebook to engage potential IT job candidates. Only 15 percent reported using professional networking sites such as LinkedIn. Moreover, 52 percent of the respondents said they don't use any Web 2.0 tools for recruiting.

It seems that most IT organizations are missing out on a huge opportunity to connect -- particularly with the talented twentysomethings who inhabit the virtual world. These Gen Yers are "tribal" and accustomed to the "very collaborative relationships" that Web 2.0 tools enable, says Tom Casey, senior vice president and workforce transformation leader at Kingwood, Texas-based consultancy BSG Concours.

Hooking Up
However, a few companies do see the potential. The IT leadership team at Quicken Loans, for example, is ahead of the curve. In February, it rolled out a recruiting Web site that includes a blog called "The Diff" (addressing the gap between average and outstanding performance), which employees use to articulate why Quicken Loans is such a great company to work for. One of the chief benefits of the blog is that it helps company workers connect with potential employees in a genuine way, says e-commerce marketing director Matt Cardwell.

So far, more than half of the blog posts discuss what's cool about working for the online mortgage lender; the others highlight external people or companies that Quicken Loans employees admire. "It's about connecting people up," says Cardwell.

Mirror, Mirror
The use of Web 2.0 tools can help job hunters screen companies and vice versa. It starts with a well-designed Web site that enables potential employees to learn nearly everything about a company, including its ethics and culture -- which helps socially conscious job candidates make informed decisions about pursuing IT employment.

Other tools can help companies separate the likely hires from the rest. Wall Homes, an Arlington, Texas-based home builder, typically receives thousands of hits for IT positions it places on recruitment sites like Monster.com, says CIO Andrew Brimberry. So his IT management team takes advantage of professional networking sites such as LinkedIn to locate and screen recruits on the basis of job skills, geography and academic background.

Companies such as HP that venture deeper into the world of Web 2.0 technologies may find themselves disappointed, at least initially. Despite the low turnout the Second Life trial balloon yielded, however, Smith is not deterred. She says she sees a lot of potential for using Second Life for recruiting.

Gen Yers "are so tech-savvy, we think it's a great way to reach out where they're already comfortable," says Smith. "If we can find a way to add value, they'll think about HP as a company that thinks about them."

Getting Harder
Of course, Web 2.0 is only one piece of the recruiting puzzle, says Casey. "There is no company I have spoken to that has cracked the 'DaVinci Code' of attraction," he says.

New IT recruits are more difficult to land. In the Vital Signs survey, 27 percent of respondents said it's tougher to recruit college graduates now than it was two years ago.

Complicating the challenge, some say, is that the current crop of newbies is different from previous generations in several respects. For instance, many twentysomethings are accustomed to receiving a lot of handholding and attaboys, says Adrian Gostick, co-author of The Carrot Principle and a consultant at O.C. Tanner, an employee recognition advisory firm in Salt Lake City.

The wants and needs of this new generation can induce managerial headaches for IT leaders who hire the wrong candidates. "We've cut the [IT] workforce down in the last 10 years to make them more efficient," says Neal Ganguly, CIO at CentraState Healthcare System, a Freehold, N.J.-based healthcare provider with a 32-person IT staff. "One person who is too needy can drag the whole workforce down. We just can't afford that."

High Maintenance, Sometimes High Returns
Gordon Gregory can relate. The vice president of technology at Mazuma Credit Union in Kansas City, Mo., says the company hired a few younger IT workers in recent years who didn't pan out. "A couple of them were what I'd call 'high maintenance' -- they had high egos and needed a lot of attention, and they weren't always adept at working with people and customers," he says.

More than previous generations, today's crop of younger IT workers also values, even expects, flexible work hours. "They want to work when they want to work, but we still need them in at certain hours to work on teams," says M. Lewis Temares, CIO at the University of Miami in Coral Gables, Fla.

To the extent that he can, Temares grants IT staffers flexible hours and equips them with home PCs and BlackBerry devices so they can do their jobs whenever and wherever they're able.

"There's no question you're going to get the returns back on these investments," he says.

He does. Many younger workers on Temares' 300-person IT staff put in an eight-hour day and then grind out another four hours overnight. In fact, the university now posts notices about server downtime at least a week in advance. "You never know who needs what" during the middle of the night, says Temares.

Low Tech, High Touch
There are also low-tech recruitment techniques that IT executives don't exploit nearly enough. One is piggybacking business trips with visits to colleges, says David Foote, chief research officer at Foote Partners in New Canaan, Conn. Such visits give students a chance to quiz IT leaders about what it's really like to work at a company, says Foote. "It's consistently the best way to hire people out of school."

Tellabs CIO Jean Holley has used that technique. To help feed an internship program for college graduates with SAP (NYSE: SAP), life-cycle development and broad-based Web skills, Holley and two colleagues visited the University of Missouri -- Rolla in March to conduct preliminary interviews with students enrolled in the school's MBA-ERP program. "Getting an MBA intern is a little unique for us, but it maps to a need we have" for ERP skills, says Holley, who nabbed an intern during the trip.

Introducing Competition
Engaging college students in programming and problem-solving contests has proved to be an effective exercise at Quicken Loans. Last winter, the IT department held a contest for college students to solve one of its business problems -- the need for an automated script that could search for specific text on the company's Web site. The contest, which required students to review source code and write code, generated dozens of entries and provided senior IT management with insight into the way potential employees think and how quickly they could solve problems, says CIO Frank Laura.

Laura looks at four criteria in job candidates: a cultural fit with Quicken Loans, a desire to learn, the ability to learn and technical skills, in that order.

"We have a saying here," says Laura. "'You're like a tree: You're either growing or dying.'"

How to Start a Company Without an IT Professional

The bank has all of your data, and you aren't worried about them giving it away. The phone company also knows a lot about you. Your credit card company knows a frightening amount. What's the difference? SaaS companies should be under the same constraints for protecting your company's privacy as banks and telephone firms are. So far, they all seem to be doing a fine job.

Imagine a world in the not-too-distant future where anyone can work from anywhere, using whatever communication device they have at their disposal (laptop, iPhone, etc.). This type of world is not hard for us to imagine.

After all, many professionals are finding that they have less and less of a need to be in an office to get work done, and the automated business systems that they use are accessible from anywhere via the Internet.

Many consultants are already living this dream lifestyle. More than ever before, small companies are now opting not to have a central office, but to allow their five, 10 or 50 employees to work from home, thereby creating a "virtual" company.


Going Remote
This trend signals the end of the line for certain kinds of IT workers, because not only are employees going remote, but increasingly, back office systems are going remote too -- via the Software as a Service (SaaS) delivery model.

Many of those IT professionals aren't going to miss some of the work that's going away. Frankly, some of it is no fun at all. Have you ever noticed that IT professionals are grumpy?

Some might say it's the recluse factor: IT professionals, like programmers, often prefer computers to people. Computers do what you tell them (unless they're running Vista -- but that's another story), but people have free will. IT professionals hate free will. Free will is very annoying unless it's your own. Free will causes outages. People uninstall things, unplug things, trip on things or otherwise utilize their free will to cause IT headaches.

Yet, while all this is true, the more likely explanation for IT grumpiness is that their job is not much fun.

Typical Day
So, what is the typical day in the life of an IT professional like?

An IT professional comes to work to start his day. This is the call he won't get: "Hey IT professional, just calling to say that everything is working okay today and you're a great guy!"

No, the calls he gets are typically more like this: "Hey IT professional, why is it that the only messages our spam filter catches are our sales leads? Luckily, however, it does let all the Viagra ads through, which is good because it gives us something to read while we're not selling anything. Did they have classes in spam filtering at the college you supposedly went to?"

Working in IT is somewhat like being a fireman. You can never respond to the fire fast enough, no matter what you do. Spam is a particularly difficult arms race fought between spammer and IT department where everyone loses.

In short, the IT profession includes many hard, thankless jobs. However, these days, you can do something to mitigate this tragic story for future generations. You can eliminate this sort of job from your company altogether.

Maybe you can't save the whales or cure cancer, but you can obviate the need for the IT professional's job, allowing him to do another job. You can do this by making a commitment to bring no more software -- and no more server machines -- into your company.

Data Hosted Online
Someone who is starting a company today should consider forgoing a local server in order to avoid either acting as or hiring an IT professional. Rather, such a person can have data hosted online on someone else's server through SaaS.

A new company can easily use a customer relationship management (CRM) tool like Salesforce.com, a contact management solution like SugarCRM and an accounting application like Quickbooks Online Edition. E-mail services can be outsourced to someone like Amicus.com, and document storage to another provider.

In a nutshell, a person who is starting a brand new company today would do well to have no servers at all, thereby sailing past the stale Linux/Windows debate. Without servers and their accompanying headaches, one can focus on serving his customers instead of building technology infrastructure that is, at this point, redundant.

Servers require updates, maintenance, backups and more backups, which translates into plenty of work. Very few companies, regardless of their size, do a good job with backups. Disks have grown faster than tapes have and this is causing a real problem: Where is one supposed to put all the data? Not only that, but all disk drives fail eventually, and it is never, ever convenient.

SaaS Survives
Consider this: if a tornado obliterated all of your servers right now, how long would it take you to get it all going again? How do you know the tapes will work? Where are they? Not in the same room as the servers, let's hope. Did you know that tapes can sometimes be written to but not read from due to the technology of the tape drive and the error rate on the tape itself?

Are the types of servers you originally bought still for sale so you can buy replacements for the ones that were destroyed? Where would you get that copy of the operating system you were running? Just precisely what version of the OS was that machine running, and how would you know? How many millions of patches from Microsoft (Nasdaq: MSFT) did it have on it again? How long will it take to install them?

Wait a minute. "What if a tornado destroys the SaaS site of my chosen vendor?" you ask. That's a great question.

At my company, Journyx, we have hundreds of customers who run their business on our SaaS site. If we weren't up and running pretty much immediately after such an event, we would be out of business, and I would be out of a job.

That frightening vision is very motivating to me. So much so that we have redundant hardware, lots of backups, tapes in a salt mine, multiple sites for data, etc. No one can do a better job of keeping our application up and running than we can.

Data Security
"But what if someone steals my data and gives it to my competitor?" you ask.

The bank has all of your data, and you aren't worried about them giving it away. The phone company also knows a lot about you. Your credit card company knows a frightening amount. What's the difference? SaaS companies should be under the same constraints for protecting your company's privacy as banks and telephone firms are. So far, they all seem to be doing a fine job. Salesforce.com (NYSE: CRM) has a lot of customers, and there hasn't been an instance of sales lead data theft so far.

If you're starting a new company today, go SaaS. Get a laptop. Set up an office at Starbucks (Nasdaq: SBUX). If your time, data security, and peace of mind are worth anything, it's definitely cheaper.

New MySQL Enterprise Suite Due Soon

In a busy two days of announcements last week, MySQL, the Sweden- and U.S. West Coast-based vendor of the open source MySQL database, said that business users can expect an enriched Enterprise Edition collection of software, service and support, called "MySQL Enterprise."

The other leg of the announcement is that alpha and beta versions of open source software products will be available in late September. Included in that group will be the "release candidate" of MySQL 5.1, an upgrade of the database server.


Rounds of Bug Fixes
"A release candidate signals that we're almost ready to ship the software. All the new features are in and we've been through several rounds of beta bug fixes," Steve Curry, MySQL director of corporate communications, told LinuxInsider.

A key part of the new Enterprise package is the MySQL Enterprise Monitor.

Any business that has been shaken by server outages knows the value of monitoring capabilities. In the early days of open source, business managers worried most about the risk of finding out too late that promises of support from open source vendors would be paper-thin. The monitor service being offered at MySQL continuously monitors MySQL servers and raises alerts of special problems.

Open Source Database Outlook
More than 70 percent of organizations are going to be using open source databases by next year, predicts Gartner (NYSE: IT). With that kind of outlook, MySQL is not slowing down marketing and technology ploys for market share.

The company's teams have been preaching the concept of "scale-out architecture." MySQL promotes the message of the "database scale-out approach," where growing businesses can avert big investments up front in database systems and licenses; instead, they can get more database horsepower on an as-needed basis, with replicated servers on low-cost hardware.

Scaling Options
One such customer who bought the message is a case in point.

"By scaling-out with MySQL, we were able to add 3 million new users in less than a month," said Nat Brown, CTO of iLike. Brown's company is a Web-based, social music discovery service. Consumers get personalized recommendations and follow what their friends are listening to.

MySQL's approach was chosen because it was cheaper and easier, Brown told LinuxInsider.

"To handle the read load, you have the option of buying and upgrading a bigger and bigger server that can handle the volume of reads or replicating the database or a portion of it to multiple read-only slaves which handle the reads from many front end web servers," he said.

"We chose the latter -- it is cheaper, easier to maintain and repair, quite fault tolerant, and easy to scale by adding more web front ends and more slave databases using simple commodity hardware," he said.

Paying for Growth
Earlier on, the business was running the free open source version of MySQL; then iLike moved up as a paying customer for the Enterprise edition.

"We had begun hitting some scaling issues," Brown said, "and there were fixes we could use in future enterprise binaries which were not yet in the community releases."

The other deal-maker, he added, was his team's test-drive of the Enterprise edition's "dashboard" tools.

High-Volume Targets
MySQL, which bills itself as the world's most popular open source database, is clearly targeting similar organizations that need to power high-volume Web sites.

"Frankly, if users need the Rolls Royce of databases, they're probably already using and paying significant amounts for Oracle or DB2. We aim to be the Toyota or Honda," Curry said.

"We're developing a new market for modern, Web-based applications that need to manage high traffic and high growth," added Curry.

Jostling in the Wings
Don't expect MySQL to take center stage without some jostling, however, from contenders such as Ingres, another open source database vendor.

"Our business is steadily growing. We are gaining traction in a number of new markets," Deb Woods, Ingres vice president, product management, told LinuxInsider. "Customers who need a high performance optimizer, parallel queries, partitioning, and a strong backup and replication environment find Ingres to be a logical choice."

If MySQL is a contender for the most popular open source database title, Ingres is crafting its presence as the "information management" company.

"Ingres is an open source information management company and will continue to be so. We help customers manage their information whether it is in tracking airline tickets, managing payroll systems, providing BI solutions, or providing solutions for the healthcare industry," Woods said.